
Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1559713
MD5: f8c0ebdfd99eee53899e32d8e4aed988
SHA1: 545673e664526108dcac27a24c8fc13a67dc3843
SHA256: 0a1bc24039aaa659832a7678aae827f1dcb79808697147b7b243904f5dc0c6fe
Tags: exe, user-Bitsight

Detection

Credential Flusher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • file.exe (PID: 6628 cmdline: "C:\Users\user\Desktop\file.exe" MD5: F8C0EBDFD99EEE53899E32D8E4AED988)
    • taskkill.exe (PID: 2436 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 3820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 2184 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6992 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6460 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 796 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 3476 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 1136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 3220 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 7036 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 2864 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7008 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2288 -parentBuildID 20230927232528 -prefsHandle 2232 -prefMapHandle 2228 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b5bf9b5-84ac-4044-9d68-cc7a2e284fb2} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 16333270f10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7684 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4088 -parentBuildID 20230927232528 -prefsHandle 4080 -prefMapHandle 4076 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf227e4f-5dc3-43be-85a4-53f86739f9d1} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 163459df510 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8184 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4992 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4684 -prefMapHandle 4880 -prefsLen 33076 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a32dfac-dcd2-4e81-916d-59d797ae6bfc} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 163451c5f10 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source: Process Memory Space: file.exe PID: 6628 | Rule: JoeSecurity_CredentialFlusher | Description: Yara detected Credential Flusher | Author: Joe Security
    No Sigma rule has matched
    No Suricata rule has matched


    AV Detection

    Source: file.exe | ReversingLabs: Detection: 34%
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 97.4% probability
    Source: file.exe | Joe Sandbox ML: detected
    Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: Binary string: webauthn.pdb source: firefox.exe, 0000000E.00000003.2274512610.000001634FBC1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000E.00000003.2322233093.000001634FBE2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: kbdus.pdb source: firefox.exe, 0000000E.00000003.2321839146.0000016340E5B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2320647393.0000016340E5A000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.2322233093.000001634FBE2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.2321424398.000001634FBD8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000E.00000003.2274512610.000001634FBC1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000E.00000003.2321424398.000001634FBD8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: kbdus.pdbGCTL source: firefox.exe, 0000000E.00000003.2321839146.0000016340E5B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2320647393.0000016340E5A000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0028DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0028DBBE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0025C2A2 FindFirstFileExW,0_2_0025C2A2
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002968EE FindFirstFileW,FindClose,0_2_002968EE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0029698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0029698F
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0028D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0028D076
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0028D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0028D3A9
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00299642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00299642
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0029979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0029979D
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00299B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00299B2B
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00295C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00295C97
    Source: firefox.exe | Memory has grown: Private usage: 40MB later: 228MB
    Source: unknown | Network traffic detected: DNS query count 31
    Source: Joe Sandbox View | IP Address: 34.149.100.209
    Source: Joe Sandbox View | IP Address: 34.117.188.166
    Source: Joe Sandbox View | IP Address: 151.101.193.91
    Source: Joe Sandbox View | JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0029CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_0029CE44
    Source: global traffic | HTTP traffic detected:
        GET /canonical.html HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Cache-Control: no-cache
        Pragma: no-cache
        Connection: keep-alive
    Source: global traffic | HTTP traffic detected:
        GET /success.txt?ipv4 HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Connection: keep-alive
        Pragma: no-cache
        Cache-Control: no-cache
    Source: firefox.exe, 0000000E.00000003.2262835549.000001634465B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262624431.0000016344650000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261204841.00000163445AD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2409368583.000001634EC1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2374106736.000001634F216000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2397624996.000001634F217000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8*://www.youtube.com/* equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2359061915.000001634F179000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2374749812.000001634F173000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2374749812.000001634F179000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2359061915.000001634F179000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2374749812.000001634F173000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2374749812.000001634F179000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2394600759.0000016344EDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2389286686.0000016344EE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427531031.0000016344EEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2374106736.000001634F216000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2397624996.000001634F217000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2404910454.00000163472CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2414963686.00000163472F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2386866752.00000163472CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2404910454.00000163472CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2414963686.00000163472F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2386866752.00000163472CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2359061915.000001634F179000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2374749812.000001634F173000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2374749812.000001634F179000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2359061915.000001634F179000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2374749812.000001634F173000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2374749812.000001634F179000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3425118502.0000022EA5E0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3425410443.00000177CAA0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3425118502.0000022EA5E0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3425410443.00000177CAA0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3425118502.0000022EA5E0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3425410443.00000177CAA0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2358475998.000001634F1F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: moz-extension://6edd4cbe-8a9f-4158-beca-90f5feba9c8c/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2401669080.000001634404B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409227988.000001634EC5C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2394600759.0000016344EDA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2401669080.000001634404B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2359061915.000001634F179000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2322523265.0000016340E6A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2409227988.000001634EC5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2386012941.000001634C231000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2430081166.000001634475F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242651262.000001634475F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
    Source: global trafficDNS traffic detected: DNS query: youtube.com
    Source: global trafficDNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: contile.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: spocs.getpocket.com
    Source: global trafficDNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
    Source: global trafficDNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: example.org
    Source: global trafficDNS traffic detected: DNS query: ipv4only.arpa
    Source: global trafficDNS traffic detected: DNS query: shavar.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: push.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: firefox.settings.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: support.mozilla.org
    Source: global trafficDNS traffic detected: DNS query: www.youtube.com
    Source: global trafficDNS traffic detected: DNS query: www.facebook.com
    Source: global trafficDNS traffic detected: DNS query: youtube-ui.l.google.com
    Source: global trafficDNS traffic detected: DNS query: star-mini.c10r.facebook.com
    Source: global trafficDNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: www.wikipedia.org
    Source: global trafficDNS traffic detected: DNS query: twitter.com
    Source: global trafficDNS traffic detected: DNS query: www.reddit.com
    Source: global trafficDNS traffic detected: DNS query: reddit.map.fastly.net
    Source: global trafficDNS traffic detected: DNS query: dyna.wikimedia.org
    Source: global trafficDNS traffic detected: DNS query: services.addons.mozilla.org
    Source: global trafficDNS traffic detected: DNS query: normandy.cdn.mozilla.net
    Source: global trafficDNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2403098453.0000016343284000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2414713714.000001634B836000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
    Source: firefox.exe, 0000000E.00000003.2274714825.0000016340E79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274714825.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2276848840.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: firefox.exe, 0000000E.00000003.2274714825.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274654766.0000016340E8E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: firefox.exe, 0000000E.00000003.2400247151.00000163447F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
    Source: firefox.exe, 0000000E.00000003.2400247151.00000163447F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
    Source: firefox.exe, 0000000E.00000003.2274714825.0000016340E79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274714825.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
    Source: firefox.exe, 0000000E.00000003.2275485959.0000016340E8E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274714825.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274654766.0000016340E8E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: firefox.exe, 0000000E.00000003.2274714825.0000016340E79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274714825.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: firefox.exe, 0000000E.00000003.2397469728.00000163508C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
    Source: firefox.exe, 0000000E.00000003.2400247151.00000163447F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
    Source: firefox.exe, 0000000E.00000003.2274714825.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274654766.0000016340E8E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: firefox.exe, 0000000E.00000003.2274714825.0000016340E79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274714825.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2276848840.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
    Source: firefox.exe, 0000000E.00000003.2400247151.00000163447F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    Source: firefox.exe, 0000000E.00000003.2400247151.00000163447F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
    Source: firefox.exe, 0000000E.00000003.2274714825.0000016340E79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrust
    Source: firefox.exe, 0000000E.00000003.2275485959.0000016340E8E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274714825.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274654766.0000016340E8E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: firefox.exe, 0000000E.00000003.2274714825.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: firefox.exe, 0000000E.00000003.2274714825.0000016340E79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274714825.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
    Source: firefox.exe, 0000000E.00000003.2274714825.0000016340E79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274714825.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2276848840.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: firefox.exe, 0000000E.00000003.2400247151.00000163447F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
    Source: firefox.exe, 0000000E.00000003.2274714825.0000016340E79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274714825.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
    Source: firefox.exe, 0000000E.00000003.2400247151.00000163447F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
    Source: firefox.exe, 0000000E.00000003.2397624996.000001634F291000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2408950524.000001634ECF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2358541806.000001634F19B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2357717977.000001634F88A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
    Source: firefox.exe, 0000000E.00000003.2420920901.000001634F17F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/
    Source: firefox.exe, 0000000E.00000003.2407976542.000001634F29A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
    Source: firefox.exe, 0000000E.00000003.2406679587.000001634F7D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2358541806.000001634F1C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428843516.0000016344BC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
    Source: firefox.exe, 0000000E.00000003.2358475998.000001634F1F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
    Source: firefox.exe, 0000000E.00000003.2392806470.000001634712B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
    Source: firefox.exe, 0000000E.00000003.2392806470.000001634712B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
    Source: firefox.exe, 0000000E.00000003.2401669080.0000016344031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-04/schema#
    Source: firefox.exe, 0000000E.00000003.2401669080.0000016344031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-06/schema#
    Source: firefox.exe, 0000000E.00000003.2401669080.0000016344031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-07/schema#-
    Source: firefox.exe, 0000000E.00000003.2401669080.0000016344031000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2349201824.0000016344A1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2343586142.0000016344A1A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org
    Source: firefox.exe, 0000000E.00000003.2401669080.000001634404B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2431732493.000001634404C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/
    Source: firefox.exe, 0000000E.00000003.2239108861.0000016347196000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2388883139.0000016345882000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2422856049.0000016345EA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2220729394.00000163437A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2362254699.000001634693B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2402541567.0000016343865000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2396155989.0000016344F33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2388653431.00000163458E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239108861.00000163471B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2440795637.0000016346CA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2258699155.00000163453AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2219354724.0000016340CE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2363542760.00000163468DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239108861.000001634718B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236596352.0000016347317000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239108861.0000016347134000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2329674699.00000163453CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2382810318.000001634521E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242117831.00000163459B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2365549300.0000016345EA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240970584.0000016347084000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
    Source: firefox.exe, 0000000E.00000003.2400247151.00000163447F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
    Source: firefox.exe, 0000000E.00000003.2274714825.0000016340E79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274714825.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
    Source: firefox.exe, 0000000E.00000003.2274714825.0000016340E79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274714825.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2276848840.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274654766.0000016340E8E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ocsp.digicert.com0C
    Source: firefox.exe, 0000000E.00000003.2274714825.0000016340E79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274714825.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ocsp.digicert.com0N
    Source: firefox.exe, 0000000E.00000003.2275485959.0000016340E8E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274714825.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274654766.0000016340E8E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
    Source: firefox.exe, 0000000E.00000003.2400247151.00000163447F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ocsp.thawte.com0
    Source: firefox.exe, 0000000E.00000003.2397469728.00000163508C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
    Source: firefox.exe, 0000000E.00000003.2239108861.00000163471AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0W
    Source: firefox.exe, 0000000E.00000003.2239108861.00000163471AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.o.lencr.org0
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
    Source: firefox.exe, 0000000E.00000003.2397469728.00000163508C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
    Source: firefox.exe, 0000000E.00000003.2274714825.0000016340E79000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274714825.0000016340E5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275595964.0000016340E5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
    Source: firefox.exe, 0000000E.00000003.2397469728.00000163508C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://www.mozilla.com0
    Source: firefox.exe, 0000000E.00000003.2410130512.000001634DA5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2005/app-updatex
    Source: firefox.exe, 0000000E.00000003.2242117831.000001634594E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2368830071.000001634594E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242117831.000001634595D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2402836674.0000016343825000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
    Source: mozilla-temp-41.14.drString found in binary or memory: http://www.videolan.org/x264.html
    Source: firefox.exe, 0000000E.00000003.2400247151.00000163447F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239108861.00000163471AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
    Source: firefox.exe, 0000000E.00000003.2400247151.00000163447F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239108861.00000163471AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
    Source: firefox.exe, 0000000E.00000003.2410426231.000001634B978000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://MD8.mozilla.org/1/m
    Source: firefox.exe, 0000000E.00000003.2214509939.0000016343432000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2214827178.0000016343453000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2214273884.0000016343410000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2214036093.0000016343200000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
    Source: firefox.exe, 0000000E.00000003.2393856307.0000016346DC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241480918.0000016346DC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.c
    Source: firefox.exe, 0000000E.00000003.2409064834.000001634ECEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2398201083.000001634ECD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com
    Source: firefox.exe, 0000000E.00000003.2397624996.000001634F22B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2408319766.000001634F22C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2374106736.000001634F22B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/settings/clients
    Source: firefox.exe, 0000000E.00000003.2420251306.0000016345ABC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.comK
    Source: firefox.exe, 0000000E.00000003.2241480918.0000016346DE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2342772209.000001634D49F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2268787577.000001634D49F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2348806073.000001634D481000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2350105165.000001634D4A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2268535813.000001634D47F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2372711602.000001634F737000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2268787577.000001634D47F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2348481950.000001634D49F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000E.00000003.2405666960.00000163416F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org
    Source: firefox.exe, 0000000E.00000003.2375354664.000001634EB8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-users/
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
    Source: firefox.exe, 0000000E.00000003.2409227988.000001634EC5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
    Source: firefox.exe, 0000000E.00000003.2409227988.000001634EC5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
    Source: firefox.exe, 0000000E.00000003.2409227988.000001634EC5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
    Source: firefox.exe, 0000000E.00000003.2409227988.000001634EC5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
    Source: firefox.exe, 0000000E.00000003.2409227988.000001634EC5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
    Source: firefox.exe, 0000000E.00000003.2384192036.000001634EBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2375354664.000001634EBA7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
    Source: firefox.exe, 0000000E.00000003.2430081166.000001634475F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242651262.000001634475F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
    Source: firefox.exe, 0000000E.00000003.2431037015.000001634472C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://allegro.pl/
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
    Source: firefox.exe, 0000000E.00000003.2409227988.000001634EC5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 0000000E.00000003.2409227988.000001634EC5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
    Source: firefox.exe, 0000000E.00000003.2359061915.000001634F173000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
    Source: firefox.exe, 0000000E.00000003.2359061915.000001634F173000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
    Source: firefox.exe, 0000000E.00000003.2389110428.00000163451BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2369316769.00000163451BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2359559933.000001634F13F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427359060.00000163451C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242057559.0000016345AA4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2420389165.0000016345AA4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2376093629.00000163451BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
    Source: firefox.exe, 00000010.00000002.3424133837.00000198B04B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3425118502.0000022EA5EF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3428457947.00000177CAB06000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
    Source: firefox.exe, 00000010.00000002.3424133837.00000198B04B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3425118502.0000022EA5EF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3428457947.00000177CAB06000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
    Source: firefox.exe, 0000000E.00000003.2399789677.0000016344C6A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2374749812.000001634F159000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
    Source: firefox.exe, 0000000E.00000003.2262974202.0000016344675000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1170143
    Source: firefox.exe, 0000000E.00000003.2263111698.0000016344687000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262974202.0000016344675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262624431.0000016344650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
    Source: firefox.exe, 0000000E.00000003.2263111698.0000016344687000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262974202.0000016344675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262624431.0000016344650000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262774917.0000016344666000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
    Source: firefox.exe, 0000000E.00000003.2263111698.0000016344687000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262974202.0000016344675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262624431.0000016344650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
    Source: firefox.exe, 0000000E.00000003.2262974202.0000016344675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262624431.0000016344650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
    Source: firefox.exe, 0000000E.00000003.2263111698.0000016344687000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262974202.0000016344675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262624431.0000016344650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
    Source: firefox.exe, 0000000E.00000003.2263111698.0000016344687000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262974202.0000016344675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262624431.0000016344650000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262774917.0000016344666000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 0000000E.00000003.2382810318.000001634521E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
    Source: firefox.exe, 0000000E.00000003.2263111698.0000016344687000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262974202.0000016344675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262624431.0000016344650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
    Source: firefox.exe, 0000000E.00000003.2262974202.0000016344675000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=793869
    Source: firefox.exe, 0000000E.00000003.2263111698.0000016344687000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262974202.0000016344675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262624431.0000016344650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
    Source: firefox.exe, 0000000E.00000003.2262974202.0000016344675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262624431.0000016344650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 0000000E.00000003.2214509939.0000016343432000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2214827178.0000016343453000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2214273884.0000016343410000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2214036093.0000016343200000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 0000000E.00000003.2428843516.0000016344B4E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/
    Source: firefox.exe, 0000000E.00000003.2428843516.0000016344BC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 00000010.00000002.3424133837.00000198B04B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3425118502.0000022EA5EF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3428457947.00000177CAB06000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
    Source: firefox.exe, 00000010.00000002.3424133837.00000198B04B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3425118502.0000022EA5EF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3428457947.00000177CAB06000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 0000000E.00000003.2243204058.0000016344722000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2415717323.0000016347270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2415206525.0000016347281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.2415206525.0000016347281000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242117831.00000163459B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 0000000E.00000003.2231825802.0000016347327000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236596352.0000016347324000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/993268
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 0000000E.00000003.2384192036.000001634EBA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262835549.000001634465B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261204841.00000163445A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2375354664.000001634EBA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262624431.0000016344650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000E.00000003.2392806470.0000016347136000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
    Source: firefox.exe, 0000000E.00000003.2401125888.00000163440A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2431500816.0000016344095000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
    Source: firefox.exe, 0000000E.00000003.2397469728.00000163508C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
    Source: firefox.exe, 0000000E.00000003.2374749812.000001634F159000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2375354664.000001634EB8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.2414713714.000001634B836000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
    Source: firefox.exe, 0000000E.00000003.2414713714.000001634B836000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
    Source: firefox.exe, 0000000E.00000003.2394835868.0000016344E2D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
    Source: firefox.exe, 0000000E.00000003.2414713714.000001634B836000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
    Source: firefox.exe, 0000000E.00000003.2414713714.000001634B836000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
    Source: firefox.exe, 0000000E.00000003.2405666960.00000163416DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com
    Source: firefox.exe, 0000000E.00000003.2214036093.0000016343200000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
    Source: firefox.exe, 0000000E.00000003.2322499807.0000016344F26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
    Source: firefox.exe, 0000000E.00000003.2409227988.000001634EC5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
    Source: firefox.exe, 0000000E.00000003.2394835868.0000016344E2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427964650.0000016344E44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2394600759.0000016344EDA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 0000000E.00000003.2376093629.00000163451BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 0000000E.00000003.2431037015.000001634472C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2243204058.000001634472D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/facebook.svg
    Source: firefox.exe, 0000000E.00000003.2431037015.000001634472C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2243204058.000001634472D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svg
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
    Source: firefox.exe, 0000000E.00000003.2406105428.00000163472B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com
    Source: firefox.exe, 0000000E.00000003.2420920901.000001634F17F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2376051367.0000016345E16000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2394480128.0000016345E16000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3425118502.0000022EA5E12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3425410443.00000177CAA13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
    Source: firefox.exe, 0000000E.00000003.2420920901.000001634F17F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
    Source: firefox.exe, 0000000E.00000003.2415771427.000001634722E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#
    Source: firefox.exe, 0000000E.00000003.2415771427.000001634722E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#l
    Source: firefox.exe, 0000000E.00000003.2363773575.00000163468CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3425118502.0000022EA5E86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3425410443.00000177CAAF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
    Source: firefox.exe, 0000000E.00000003.2430081166.000001634475F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242651262.000001634475F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
    Source: firefox.exe, 0000000E.00000003.2405666960.00000163416DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
    Source: firefox.exe, 0000000E.00000003.2375354664.000001634EB8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-user-removal
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
    Source: firefox.exe, 0000000E.00000003.2401669080.000001634404B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2388883139.0000016345897000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2431732493.000001634404C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2369114656.0000016345897000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2409368583.000001634EC1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
    Source: firefox.exe, 0000000E.00000003.2401077589.00000163440B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
    Source: firefox.exe, 0000000E.00000003.2401669080.0000016344049000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2431784873.0000016344049000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2358541806.000001634F195000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
    Source: firefox.exe, 0000000E.00000003.2401669080.0000016344021000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2391156078.000001634C27D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
    Source: firefox.exe, 0000000E.00000003.2392806470.000001634712B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
    Source: firefox.exe, 0000000E.00000003.2392806470.000001634712B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
    Source: firefox.exe, 0000000E.00000003.2331856594.00000163442B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
    Source: firefox.exe, 0000000E.00000003.2364258940.000001634685F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2418026613.000001634685F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2421985713.0000016346861000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
    Source: firefox.exe, 0000000E.00000003.2391156078.000001634C252000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2391156078.000001634C27D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefox
    Source: firefox.exe, 0000000E.00000003.2401669080.0000016344021000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
    Source: firefox.exe, 0000000E.00000003.2236596352.0000016347324000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
    Source: firefox.exe, 0000000E.00000003.2392806470.0000016347136000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
    Source: firefox.exe, 0000000E.00000003.2392806470.0000016347136000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
    Source: firefox.exe, 0000000E.00000003.2392806470.0000016347136000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
    Source: firefox.exe, 0000000E.00000003.2392806470.0000016347136000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
    Source: firefox.exe, 0000000E.00000003.2405666960.00000163416F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
    Source: firefox.exe, 0000000E.00000003.2375354664.000001634EB8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com/
    Source: firefox.exe, 0000000E.00000003.2358541806.000001634F1C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2359911174.00000163472CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2405666960.00000163416DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
    Source: firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://vk.com/
    Source: firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
    Source: firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
    Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
    Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49734 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:49735 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49744 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49778 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49777 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49788 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49786 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49833 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:49834 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.6:49836 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49842 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49843 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49841 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:49845 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49913 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49914 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49912 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49915 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49917 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49916 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49922 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49923 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0029EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_0029EAFF
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0029ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_0029ED6A
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0029EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_0029EAFF
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0028AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_0028AA57
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002B9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_002B9576

    System Summary

    Source: file.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: file.exe, 00000000.00000000.2161870215.00000000002E2000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script.memstr_0d827098-8
    Source: file.exe, 00000000.00000000.2161870215.00000000002E2000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_ea7c14b3-f
    Source: file.exe | String found in binary or memory: This is a third-party compiled AutoIt script.memstr_956101aa-5
    Source: file.exe | String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_8fccd31d-1
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_0000022EA6492377 NtQuerySystemInformation,17_2_0000022EA6492377
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_0000022EA64B33B2 NtQuerySystemInformation,17_2_0000022EA64B33B2
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0028D5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_0028D5EB
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00281201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00281201
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0028E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_0028E8F6
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0022BF40 0_2_0022BF40
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00228060 0_2_00228060
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00292046 0_2_00292046
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00288298 0_2_00288298
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0025E4FF 0_2_0025E4FF
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0025676B 0_2_0025676B
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002B4873 0_2_002B4873
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0024CAA0 0_2_0024CAA0
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0022CAF0 0_2_0022CAF0
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0023CC39 0_2_0023CC39
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00256DD9 0_2_00256DD9
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0023B119 0_2_0023B119
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002291C0 0_2_002291C0
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00241394 0_2_00241394
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0024781B 0_2_0024781B
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00227920 0_2_00227920
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0023997D 0_2_0023997D
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00247A4A 0_2_00247A4A
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00247CA7 0_2_00247CA7
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00273CD2 0_2_00273CD2
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002ABE44 0_2_002ABE44
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00259EEE 0_2_00259EEE
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_0000022EA6492377 17_2_0000022EA6492377
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_0000022EA64B33B2 17_2_0000022EA64B33B2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_0000022EA64B3ADC 17_2_0000022EA64B3ADC
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_0000022EA64B33F2 17_2_0000022EA64B33F2
    Source: C:\Users\user\Desktop\file.exe | Code function: String function: 00229CB3 appears 31 times
    Source: C:\Users\user\Desktop\file.exe | Code function: String function: 0023F9F2 appears 40 times
    Source: C:\Users\user\Desktop\file.exe | Code function: String function: 00240A30 appears 46 times
    Source: file.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engine | Classification label: mal72.troj.evad.winEXE@34/34@67/12
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002937B5 GetLastError,FormatMessageW,0_2_002937B5
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002810BF AdjustTokenPrivileges,CloseHandle,0_2_002810BF
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002816C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_002816C3
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002951CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_002951CD
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0028D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_0028D4DC
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0029648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_0029648E
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002242A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_002242A2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3820:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6916:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1136:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6392:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:796:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Temp\firefox
    Source: file.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
    Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: firefox.exe, 0000000E.00000003.2409064834.000001634ECEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2398201083.000001634ECD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2314084280.000001634F76A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
    Source: firefox.exe, 0000000E.00000003.2409064834.000001634ECEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2398201083.000001634ECD6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
    Source: firefox.exe, 0000000E.00000003.2409064834.000001634ECEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2398201083.000001634ECD6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
    Source: firefox.exe, 0000000E.00000003.2409064834.000001634ECEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2398201083.000001634ECD6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
    Source: firefox.exe, 0000000E.00000003.2358541806.000001634F1C8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;
    Source: firefox.exe, 0000000E.00000003.2409064834.000001634ECEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2398201083.000001634ECD6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
    Source: firefox.exe, 0000000E.00000003.2409064834.000001634ECEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2398201083.000001634ECD6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
    Source: firefox.exe, 0000000E.00000003.2409064834.000001634ECEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2398201083.000001634ECD6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;9'
    Source: firefox.exe, 0000000E.00000003.2409064834.000001634ECEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2398201083.000001634ECD6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;9
    Source: firefox.exe, 0000000E.00000003.2409064834.000001634ECEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2398201083.000001634ECD6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
    Source: file.exe | ReversingLabs: Detection: 34%
    Source: unknown | Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknown | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2288 -parentBuildID 20230927232528 -prefsHandle 2232 -prefMapHandle 2228 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b5bf9b5-84ac-4044-9d68-cc7a2e284fb2} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 16333270f10 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4088 -parentBuildID 20230927232528 -prefsHandle 4080 -prefMapHandle 4076 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf227e4f-5dc3-43be-85a4-53f86739f9d1} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 163459df510 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4992 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4684 -prefMapHandle 4880 -prefsLen 33076 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a32dfac-dcd2-4e81-916d-59d797ae6bfc} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 163451c5f10 utility
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2288 -parentBuildID 20230927232528 -prefsHandle 2232 -prefMapHandle 2228 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b5bf9b5-84ac-4044-9d68-cc7a2e284fb2} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 16333270f10 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4088 -parentBuildID 20230927232528 -prefsHandle 4080 -prefMapHandle 4076 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf227e4f-5dc3-43be-85a4-53f86739f9d1} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 163459df510 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4992 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4684 -prefMapHandle 4880 -prefsLen 33076 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a32dfac-dcd2-4e81-916d-59d797ae6bfc} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 163451c5f10 utility
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown
    Source: C:\Users\user\Desktop\file.exe | Section loaded: wsock32.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: version.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: mpr.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: profapi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: profapi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: profapi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: Window Recorder | Window detected: More than 3 window changes detected
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: Binary string: webauthn.pdb source: firefox.exe, 0000000E.00000003.2274512610.000001634FBC1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 0000000E.00000003.2322233093.000001634FBE2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: kbdus.pdb source: firefox.exe, 0000000E.00000003.2321839146.0000016340E5B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2320647393.0000016340E5A000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.2322233093.000001634FBE2000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.2321424398.000001634FBD8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000E.00000003.2274512610.000001634FBC1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000E.00000003.2321424398.000001634FBD8000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: kbdus.pdbGCTL source: firefox.exe, 0000000E.00000003.2321839146.0000016340E5B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2320647393.0000016340E5A000.00000004.00000020.00020000.00000000.sdmp
    Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: file.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002242DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_002242DE
    Source: gmpopenh264.dll.tmp.14.dr | Static PE information: section name: .rodata
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00240A76 push ecx; ret 0_2_00240A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0023F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0023F98E
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002B1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_002B1C41
    Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\file.exe | Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep (graph_0-95309)
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_0000022EA6492377 rdtsc 17_2_0000022EA6492377
    Source: C:\Users\user\Desktop\file.exe | API coverage: 3.6 %
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0028DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0028DBBE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0025C2A2 FindFirstFileExW,0_2_0025C2A2
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002968EE FindFirstFileW,FindClose,0_2_002968EE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0029698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0029698F
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0028D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0028D076
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0028D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0028D3A9
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00299642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00299642
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0029979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0029979D
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00299B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00299B2B
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00295C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00295C97
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002242DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_002242DE
    Source: firefox.exe, 00000010.00000002.3423479433.00000198B037A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWp-
    Source: firefox.exe, 00000011.00000002.3422966204.0000022EA5B0A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWPq6
    Source: firefox.exe, 00000011.00000002.3428292945.0000022EA6372000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllhm4
    Source: firefox.exe, 00000012.00000002.3424632122.00000177CA780000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3423845478.00000177CA71A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
    Source: firefox.exe, 00000010.00000002.3428205282.00000198B0712000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 00000010.00000002.3429407591.00000198B08D0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW#
    Source: firefox.exe, 00000010.00000002.3429407591.00000198B08D0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3428292945.0000022EA6372000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: firefox.exe, 00000011.00000002.3428292945.0000022EA6360000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW/t
    Source: C:\Users\user\Desktop\file.exe | Process information queried: ProcessInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_0000022EA6492377 rdtsc 17_2_0000022EA6492377
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0029EAA2 BlockInput,0_2_0029EAA2
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00252622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00252622
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002242DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_002242DE
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00244CE8 mov eax, dword ptr fs:[00000030h]0_2_00244CE8
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00280B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00280B62
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00252622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00252622
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0024083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0024083F
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002409D5 SetUnhandledExceptionFilter,0_2_002409D5
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00240C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00240C21
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00281201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00281201
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00262BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00262BA5
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0028B226 SendInput,keybd_event,0_2_0028B226
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002A22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_002A22DA
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00280B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00280B62
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00281663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00281663
    Source: file.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: file.exe | Binary or memory string: Shell_TrayWnd
    Source: firefox.exe, 0000000E.00000003.2282553851.000001634FC42000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00240698 cpuid 0_2_00240698
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00298195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00298195
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0027D27A GetUserNameW,0_2_0027D27A
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0025B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_0025B952
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002242DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_002242DE

    Stealing of Sensitive Information

    Source: Yara match | File source: Process Memory Space: file.exe PID: 6628, type: MEMORYSTR
    Source: file.exe | Binary or memory string: WIN_81
    Source: file.exe | Binary or memory string: WIN_XP
    Source: file.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: file.exe | Binary or memory string: WIN_XPe
    Source: file.exe | Binary or memory string: WIN_VISTA
    Source: file.exe | Binary or memory string: WIN_7
    Source: file.exe | Binary or memory string: WIN_8

    Remote Access Functionality

    Source: Yara match | File source: Process Memory Space: file.exe PID: 6628, type: MEMORYSTR
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002A1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_002A1204
    Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_002A1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_002A1806
    MITRE ATT&CK Matrix (one line per tactic; the number in parentheses after a technique is the count of matching signatures, techniques without a number are unmatched cells of the standard matrix)

    Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information, Domain Properties, DNS, Network Trust Dependencies, Network Topology, IP Addresses
    Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server, Server, Botnet, Web Services, Serverless, Malvertising, Compromise Infrastructure
    Initial Access: Valid Accounts (2), Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts, Replication Through Removable Media, External Remote Services, Drive-by Compromise, Exploit Public-Facing Application, Supply Chain Compromise
    Execution: Windows Management Instrumentation (1), Native API (1), At, Cron, Launchd, Scheduled Task, Systemd Timers, Container Orchestration Job, Command and Scripting Interpreter, PowerShell
    Persistence: DLL Side-Loading (1), Valid Accounts (2), Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts, Startup Items, Scheduled Task/Job, At, Cron
    Privilege Escalation: Exploitation for Privilege Escalation (1), DLL Side-Loading (1), Extra Window Memory Injection (1), Valid Accounts (2), Access Token Manipulation (21), Process Injection (2), Startup Items, Scheduled Task/Job, At, Cron
    Defense Evasion: Disable or Modify Tools (2), Deobfuscate/Decode Files or Information (1), Obfuscated Files or Information (2), DLL Side-Loading (1), Extra Window Memory Injection (1), Masquerading (1), Valid Accounts (2), Virtualization/Sandbox Evasion (1), Access Token Manipulation (21), Process Injection (2)
    Credential Access: Input Capture (21), LSASS Memory, Security Account Manager, NTDS, LSA Secrets, Cached Domain Credentials, DCSync, Proc Filesystem, /etc/passwd and /etc/shadow, Network Sniffing
    Discovery: System Time Discovery (2), Account Discovery (1), File and Directory Discovery (2), System Information Discovery (16), Security Software Discovery (131), Virtualization/Sandbox Evasion (1), Process Discovery (3), Application Window Discovery (1), System Owner/User Discovery (1), Network Service Discovery
    Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH, VNC, Windows Remote Management, Cloud Services, Direct Cloud VM Connections, Shared Webroot
    Collection: Archive Collected Data (1), Input Capture (21), Clipboard Data (3), Input Capture, Keylogging, GUI Input Capture, Web Portal Capture, Credential API Hooking, Data Staged, Local Data Staging
    Command and Control: Ingress Tool Transfer (2), Encrypted Channel (12), Non-Application Layer Protocol (2), Application Layer Protocol (3), Fallback Channels, Multiband Communication, Commonly Used Port, Application Layer Protocol, Web Protocols, File Transfer Protocols
    Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer, Data Transfer Size Limits, Exfiltration Over C2 Channel, Exfiltration Over Alternative Protocol, Exfiltration Over Symmetric Encrypted Non-C2 Protocol, Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
    Impact: System Shutdown/Reboot (1), Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact, Service Stop, Inhibit System Recovery, Defacement, Internal Defacement, External Defacement
    Behavior Graph (text rendering of the graph; the image and its icon legend are not part of this extract)

    Behavior Graph ID: 1559713 | Sample: file.exe | Startdate: 20/11/2024 | Architecture: WINDOWS | Score: 72

    Top-level DNS/IP info: youtube.com; youtube-ui.l.google.com; 34 other IPs or domains
    Top-level signatures: Multi AV Scanner detection for submitted file; Yara detected Credential Flusher; Binary is likely a compiled AutoIt script file; 2 other signatures

    Process tree:
      file.exe (started)
        signatures: Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection
        taskkill.exe (started) -> conhost.exe (started)
        taskkill.exe (started) -> conhost.exe (started)
        taskkill.exe (started) -> conhost.exe (started)
        3 other processes -> conhost.exe (started); conhost.exe (started)
      firefox.exe (started)
        firefox.exe (started)
          DNS/IP info: youtube.com 142.250.181.142, 443, 49723, 49724 GOOGLEUS United States; prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 49726, 49737, 49743 GOOGLEUS United States; 10 other IPs or domains
          dropped: C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+; C:\Users\user\...\gmpopenh264.dll (copy), PE32+
          firefox.exe (started)
          firefox.exe (started)
          firefox.exe (started)

    Antivirus detection, submitted file (Source | Detection | Scanner | Label):
    file.exe | 34% | ReversingLabs | Win32.Trojan.AutoitInject
    file.exe | 100% | Joe Sandbox ML |

    Antivirus detection, dropped files (Source | Detection | Scanner | Label):
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs |
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
                                                                  high
                                                                  www.wikipedia.org
                                                                  unknown
                                                                  unknownfalse
                                                                    high
                                                                                                                                                                                            high
                                                                                                                                                                                            https://spocs.getpocket.com/firefox.exe, 0000000E.00000003.2420920901.000001634F17F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2376051367.0000016345E16000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2394480128.0000016345E16000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3425118502.0000022EA5E12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3425410443.00000177CAA13000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://www.iqiyi.com/firefox.exe, 0000000E.00000003.2431037015.000001634472C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://addons.mozilla.org/firefox.exe, 0000000E.00000003.2375354664.000001634EB8C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 0000000E.00000003.2397469728.00000163508C3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://monitor.firefox.com/user/dashboardfirefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://bugzilla.mozilla.org/show_bug.cgi?id=1170143firefox.exe, 0000000E.00000003.2262974202.0000016344675000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://monitor.firefox.com/aboutfirefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          http://mozilla.org/MPL/2.0/.firefox.exe, 0000000E.00000003.2239108861.0000016347196000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2388883139.0000016345882000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2422856049.0000016345EA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2220729394.00000163437A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2362254699.000001634693B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2402541567.0000016343865000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2396155989.0000016344F33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2388653431.00000163458E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239108861.00000163471B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2440795637.0000016346CA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2258699155.00000163453AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2219354724.0000016340CE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2363542760.00000163468DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239108861.000001634718B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236596352.0000016347317000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239108861.0000016347134000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2329674699.00000163453CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
0000000E.00000003.2382810318.000001634521E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242117831.00000163459B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2365549300.0000016345EA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240970584.0000016347084000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://account.bellmedia.cfirefox.exe, 0000000E.00000003.2393856307.0000016346DC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2241480918.0000016346DC5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://login.microsoftonline.comfirefox.exe, 0000000E.00000003.2241480918.0000016346DD5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2375934763.0000016346DD3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                https://coverage.mozilla.orgfirefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.14.drfalse
                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                    https://www.zhihu.com/firefox.exe, 0000000E.00000003.2426917226.0000016345741000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                      http://x1.c.lencr.org/0firefox.exe, 0000000E.00000003.2400247151.00000163447F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239108861.00000163471AF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                        http://x1.i.lencr.org/0firefox.exe, 0000000E.00000003.2400247151.00000163447F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239108861.00000163471AF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          high
                                                                                                                                                                                                                                          https://infra.spec.whatwg.org/#ascii-whitespacefirefox.exe, 0000000E.00000003.2236596352.0000016347324000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                            high
                                                                                                                                                                                                                                            https://blocked.cdn.mozilla.net/firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                              high
                                                                                                                                                                                                                                              http://developer.mozilla.org/en/docs/DOM:element.addEventListenerfirefox.exe, 0000000E.00000003.2392806470.000001634712B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                                https://duckduckgo.com/?t=ffab&q=firefox.exe, 0000000E.00000003.2374749812.000001634F179000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                                  https://profiler.firefox.comfirefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                                    https://outlook.live.com/default.aspx?rru=compose&to=%sfirefox.exe, 0000000E.00000003.2401125888.00000163440A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2431500816.0000016344095000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                                      https://bugzilla.mozilla.org/show_bug.cgi?id=793869firefox.exe, 0000000E.00000003.2262974202.0000016344675000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                                        https://identity.mozilla.com/apps/relayfirefox.exe, 0000000E.00000003.2399623922.0000016344CB7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428411652.0000016344CBB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                          high
                                                                                                                                                                                                                                                          https://mozilla.cloudflare-dns.com/dns-queryfirefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                                            high
                                                                                                                                                                                                                                                            https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2firefox.exe, 0000000E.00000003.2364258940.000001634685F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2418026613.000001634685F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2421985713.0000016346861000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                              high
                                                                                                                                                                                                                                                              https://bugzilla.mozilla.org/show_bug.cgi?id=1678448firefox.exe, 0000000E.00000003.2263111698.0000016344687000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262974202.0000016344675000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262624431.0000016344650000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2262774917.0000016344666000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                                                https://mail.yahoo.co.jp/compose/?To=%sfirefox.exe, 0000000E.00000003.2401125888.00000163440A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2431500816.0000016344095000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                  high
https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/ | firefox.exe, 0000000E.00000003.2409227988.000001634EC5C000.00000004.00000800.00020000.00000000.sdmp | false | high
https://contile.services.mozilla.com/v1/tiles | firefox.exe, 0000000E.00000003.2415206525.0000016347281000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242117831.00000163459B1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmp | false | high
https://www.amazon.co.uk/ | firefox.exe, 0000000E.00000003.2431037015.000001634472C000.00000004.00000800.00020000.00000000.sdmp | false | high
https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/ | firefox.exe, 0000000E.00000003.2394727732.0000016344E6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2358541806.000001634F195000.00000004.00000800.00020000.00000000.sdmp | false | high
https://monitor.firefox.com/user/preferences | firefox.exe, 00000010.00000002.3427806457.00000198B0580000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3424131745.0000022EA5CA0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3424709174.00000177CA880000.00000002.10000000.00040000.00000000.sdmp | false | high
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.181.142 | youtube.com | United States | 15169 | GOOGLEUS | false
34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLEUS | false
34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
151.101.193.91 | services.addons.mozilla.org | United States | 54113 | FASTLYUS | false
35.201.103.21 | normandy-cdn.services.mozilla.com | United States | 15169 | GOOGLEUS | false
35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | 15169 | GOOGLEUS | false
IP
127.0.0.1
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1559713
Start date and time:2024-11-20 21:04:07 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 7m 20s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:26
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:file.exe
Detection:MAL
Classification:mal72.troj.evad.winEXE@34/34@67/12
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 95%
• Number of executed functions: 40
• Number of non-executed functions: 315
Cookbook Comments:
• Found application associated with file extension: .exe
• Excluded processes from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 35.80.238.59, 35.164.125.63, 52.12.64.98, 172.217.17.78, 2.20.255.154, 2.23.167.193, 88.221.134.155, 88.221.134.209, 172.217.17.74
• Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, otelrules.azureedge.net, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, tse1.mm.bing.net, a17.rackcdn.com.mdc.edgesuite.net, g.bing.com, detectportal.prod.mozaws.net, aus5.mozilla.org, arc.msn.com, fe3cr.delivery.mp.microsoft.com, ris.api.iris.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, ocsp.edge.digicert.com, safebrowsing.googleapis.com, location.services.mozilla.com
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may be missing disassembly code
• Report size getting too big, too many NtCreateFile calls found
• Report size getting too big, too many NtOpenFile calls found
• VT rate limit hit for: file.exe
Time | Type | Description
15:05:13 | API Interceptor | 1x Sleep call for process: firefox.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
34.117.188.166 | file.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
                                                                                                                                                                                                                                                                                                                    34.149.100.209file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
Domain matches (the SHA 256 and Get hash / Browse link columns carry no extracted values and are omitted; Context is the resolved IP seen in the associated analysis):

Match | Associated Sample Name / URL | Detection | Threat Name | Context
example.org | file.exe | malicious | Credential Flusher | 93.184.215.14 (10 samples)
star-mini.c10r.facebook.com | Fax-494885 Boswell Automotive Group.xlsx | malicious | Unknown | 157.240.196.35
star-mini.c10r.facebook.com | file.exe | malicious | Credential Flusher | 157.240.196.35
star-mini.c10r.facebook.com | file.exe | malicious | Credential Flusher | 157.240.195.35
star-mini.c10r.facebook.com | file.exe | malicious | Credential Flusher | 157.240.196.35
star-mini.c10r.facebook.com | file.exe | malicious | Credential Flusher | 157.240.196.35
star-mini.c10r.facebook.com | http://interpro.wisc.edu/courses/maintaining-asphalt-pavements/?utm_source=Brochure&utm_medium=postal&utm_campaign=D487&utm_term=SHB&utm_content=Sep | malicious | Unknown | 157.240.196.35
star-mini.c10r.facebook.com | file.exe | malicious | Credential Flusher | 157.240.196.35
star-mini.c10r.facebook.com | file.exe | malicious | Credential Flusher | 157.240.195.35
star-mini.c10r.facebook.com | file.exe | malicious | Credential Flusher | 157.240.195.35
star-mini.c10r.facebook.com | file.exe | malicious | Credential Flusher | 157.240.195.35
twitter.com | file.exe | malicious | Credential Flusher | 104.244.42.1
twitter.com | file.exe | malicious | Credential Flusher | 104.244.42.193
twitter.com | file.exe | malicious | Credential Flusher | 104.244.42.129
twitter.com | file.exe | malicious | Credential Flusher | 104.244.42.129
twitter.com | file.exe | malicious | Credential Flusher | 104.244.42.129
twitter.com | file.exe | malicious | Credential Flusher | 104.244.42.1
twitter.com | file.exe | malicious | Credential Flusher | 104.244.42.193
twitter.com | file.exe | malicious | Credential Flusher | 104.244.42.193
twitter.com | file.exe | malicious | Credential Flusher | 104.244.42.129
twitter.com | file.exe | malicious | Credential Flusher | 104.244.42.193
ASN matches (the SHA 256 and Get hash / Browse link columns carry no extracted values and are omitted; Context is the IP within the matched AS seen in the associated analysis):

Match | Associated Sample Name / URL | Detection | Threat Name | Context
GOOGLE-AS-AP Google Asia Pacific Pte Ltd (SG) | file.exe | malicious | Credential Flusher | 34.117.188.166
GOOGLE-AS-AP Google Asia Pacific Pte Ltd (SG) | file.exe | malicious | Clipboard Hijacker, Cryptbot | 34.116.198.130
GOOGLE-AS-AP Google Asia Pacific Pte Ltd (SG) | file.exe | malicious | Credential Flusher | 34.117.188.166
GOOGLE-AS-AP Google Asia Pacific Pte Ltd (SG) | https://ambir.com/ | malicious | CAPTCHA Scam ClickFix | 34.117.77.79
GOOGLE-AS-AP Google Asia Pacific Pte Ltd (SG) | file.exe | malicious | Credential Flusher | 34.117.188.166
GOOGLE-AS-AP Google Asia Pacific Pte Ltd (SG) | file.exe | malicious | Credential Flusher | 34.117.121.53
GOOGLE-AS-AP Google Asia Pacific Pte Ltd (SG) | file.exe | malicious | Clipboard Hijacker, Cryptbot | 34.116.198.130
GOOGLE-AS-AP Google Asia Pacific Pte Ltd (SG) | file.exe | malicious | Credential Flusher | 34.117.188.166
                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                        • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                        FASTLYUShttps://pub-a652f10bc7cf485fb3baac4a6358c931.r2.dev/dreyflex.htmlGet hashmaliciousGabagoolBrowse
                                                                                                                                                                                                                                                                                                                                        • 151.101.66.137
                                                                                                                                                                                                                                                                                                                                        HnJdZm51Xl.exeGet hashmaliciousAmadey, Clipboard HijackerBrowse
                                                                                                                                                                                                                                                                                                                                        • 185.199.110.133
                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                        • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                        • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                        https://ambir.com/Get hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                                                                                                                                                                                                                        • 151.101.194.49
                                                                                                                                                                                                                                                                                                                                        https://safelinks.mygo1.com/ls/click?upn=u001.1mDt7ytPYCJSVG-2BhF04Stdj4cHPTtKuY-2FmURzzu8QTldxw-2FzpyQYTJMxn3CPFnnsIuOY-2F5ruiOS6FLjm58JljkOmonXKnT8iwwYmA30I9bsERP5vx05gL85c3Lc-2F9WrpUfyNz12kcqjd3wt6WtaxLWxoHc5J3Zua9xQUurCc2AIjJtnP8Xu6Otzn8DBWsS0QPl2WC-2FCyrpDHulFvP0eEWn9IDo-2BqFc1GmD1SsVw5lRKY6yWeuyFQhUWIqZ4VCAeEroA6Ndqh9iaNvFz0XzERrEFYNTxkPirSQWkw6YqX5uo-3DaVWv_h5yw3DykLZfOpXzx776oAcLdVv6tuK-2FE7nfoR01CbnMOUH4fGhxn3KVtBew-2BRfJoKGgpvyhjBTXBTw1J6hN0wi-2FkZpowy1W9-2BTe-2Bf57Ts50FCXINRnefXkQ-2FFO3hKPeSa4hJKnd-2Bpj-2F7GS6r3Uq0ucRRb6izhExkinWfndIosIP-2Ff06hq3eO6ged-2F-2FYA1ldX-2BK4wuZipA-2BXRgTIkXvTbKj74iEMllOxCNkgoQZE3mKkIMM6o0L-2FNgq5TR8KcWZzS-2BEoZ1Oyop5AmC8zRE1SSKfnZ-2F0g1qg2dir-2F788Fq8CtpqmRpkFaF34nQcSYSfbixDSj0B5gj0fuY43UiPKR2D9s0w8lZaDR5dDYOswzPttauCIiIjiyfK20I-2BA4JjKFgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                        • 151.101.2.92
                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                        • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                        aJU0obOiEeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                        • 151.101.3.8
                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                        • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                        • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                        ATGS-MMD-ASUSfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                        https://ambir.com/Get hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                                                                                                                                                                                                                        • 34.36.216.150
                                                                                                                                                                                                                                                                                                                                        https://safelinks.mygo1.com/ls/click?upn=u001.1mDt7ytPYCJSVG-2BhF04Stdj4cHPTtKuY-2FmURzzu8QTldxw-2FzpyQYTJMxn3CPFnnsIuOY-2F5ruiOS6FLjm58JljkOmonXKnT8iwwYmA30I9bsERP5vx05gL85c3Lc-2F9WrpUfyNz12kcqjd3wt6WtaxLWxoHc5J3Zua9xQUurCc2AIjJtnP8Xu6Otzn8DBWsS0QPl2WC-2FCyrpDHulFvP0eEWn9IDo-2BqFc1GmD1SsVw5lRKY6yWeuyFQhUWIqZ4VCAeEroA6Ndqh9iaNvFz0XzERrEFYNTxkPirSQWkw6YqX5uo-3DaVWv_h5yw3DykLZfOpXzx776oAcLdVv6tuK-2FE7nfoR01CbnMOUH4fGhxn3KVtBew-2BRfJoKGgpvyhjBTXBTw1J6hN0wi-2FkZpowy1W9-2BTe-2Bf57Ts50FCXINRnefXkQ-2FFO3hKPeSa4hJKnd-2Bpj-2F7GS6r3Uq0ucRRb6izhExkinWfndIosIP-2Ff06hq3eO6ged-2F-2FYA1ldX-2BK4wuZipA-2BXRgTIkXvTbKj74iEMllOxCNkgoQZE3mKkIMM6o0L-2FNgq5TR8KcWZzS-2BEoZ1Oyop5AmC8zRE1SSKfnZ-2F0g1qg2dir-2F788Fq8CtpqmRpkFaF34nQcSYSfbixDSj0B5gj0fuY43UiPKR2D9s0w8lZaDR5dDYOswzPttauCIiIjiyfK20I-2BA4JjKFgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                        • 34.128.128.0
                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                        m68k.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                        • 34.184.2.12
                                                                                                                                                                                                                                                                                                                                        arm4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                        • 34.163.247.200
                                                                                                                                                                                                                                                                                                                                        x86_64.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                        • 48.21.95.72
                                                                                                                                                                                                                                                                                                                                        i486.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                        • 32.232.216.202
                                                                                                                                                                                                                                                                                                                                        ATGS-MMD-ASUSfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                        https://ambir.com/Get hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                                                                                                                                                                                                                        • 34.36.216.150
                                                                                                                                                                                                                                                                                                                                        https://safelinks.mygo1.com/ls/click?upn=u001.1mDt7ytPYCJSVG-2BhF04Stdj4cHPTtKuY-2FmURzzu8QTldxw-2FzpyQYTJMxn3CPFnnsIuOY-2F5ruiOS6FLjm58JljkOmonXKnT8iwwYmA30I9bsERP5vx05gL85c3Lc-2F9WrpUfyNz12kcqjd3wt6WtaxLWxoHc5J3Zua9xQUurCc2AIjJtnP8Xu6Otzn8DBWsS0QPl2WC-2FCyrpDHulFvP0eEWn9IDo-2BqFc1GmD1SsVw5lRKY6yWeuyFQhUWIqZ4VCAeEroA6Ndqh9iaNvFz0XzERrEFYNTxkPirSQWkw6YqX5uo-3DaVWv_h5yw3DykLZfOpXzx776oAcLdVv6tuK-2FE7nfoR01CbnMOUH4fGhxn3KVtBew-2BRfJoKGgpvyhjBTXBTw1J6hN0wi-2FkZpowy1W9-2BTe-2Bf57Ts50FCXINRnefXkQ-2FFO3hKPeSa4hJKnd-2Bpj-2F7GS6r3Uq0ucRRb6izhExkinWfndIosIP-2Ff06hq3eO6ged-2F-2FYA1ldX-2BK4wuZipA-2BXRgTIkXvTbKj74iEMllOxCNkgoQZE3mKkIMM6o0L-2FNgq5TR8KcWZzS-2BEoZ1Oyop5AmC8zRE1SSKfnZ-2F0g1qg2dir-2F788Fq8CtpqmRpkFaF34nQcSYSfbixDSj0B5gj0fuY43UiPKR2D9s0w8lZaDR5dDYOswzPttauCIiIjiyfK20I-2BA4JjKFgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                        • 34.128.128.0
                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                        m68k.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                        • 34.184.2.12
                                                                                                                                                                                                                                                                                                                                        arm4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                        • 34.163.247.200
                                                                                                                                                                                                                                                                                                                                        x86_64.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                        • 48.21.95.72
                                                                                                                                                                                                                                                                                                                                        i486.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                        • 32.232.216.202
                                                                                                                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                                        fb0aa01abe9d8e4037eb3473ca6e2dcafile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                        • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                        • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                        • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                        • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                        • 151.101.193.91
                                                                                                                                                                                                                                                                                                                                        • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                        • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                        • 34.120.208.123
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | file.exe | Get hash | malicious | Credential Flusher | Browse
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 7946
Entropy (8bit): 5.176109105231634
Encrypted: false
SSDEEP: 192:HBMX9JKcbhbVbTbfbRbObtbyEl7nArsJA6unSrDtTkdxSof6:HiWcNhnzFSJgr/1nSrDhkdx+
MD5: 7BF0C5720398F248CB43E251D0C25F8E
SHA1: 1492C58FFBF0A133761F1E4F82DD684203502BB5
SHA-256: 2A25CC62CF47D1D7D6C90251CCF86611D4603B78D49B47C254DF48B165D8C99C
SHA-512: CF3C329E8C0160AA3ACA199F6B3C489400E71425A0058150E565B61107E11E7C27765E0FC7CA1E008A6AACE6C4053A33C3120E4D505A8B985EE0D1CD5A39DF73
Malicious: false
Preview: {"type":"uninstall","id":"e4f85075-9617-4c0b-a77b-ff6ecf9aeea1","creationDate":"2024-11-20T21:57:09.229Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"7340e351-fad3-4a0f-b554-971fbfafe8fb","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                            File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                                                                                                                                                                            MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                                                                                                                                                                            SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                                                                                                                                                            SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                                                                                                                                                            SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                            Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                            Size (bytes):453023
                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.997718157581587
                                                                                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                                                                                            SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                                                                                                                                                                                                                                                            MD5:85430BAED3398695717B0263807CF97C
                                                                                                                                                                                                                                                                                                                                                            SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                                                                                                                                                                                                                                                            SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                                                                                                                                                                                                                                                            SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                            Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.
                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                            Size (bytes):4419
                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.931897477554205
                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                            SSDEEP:96:gXiNFS+OcPUFEOdwNIOdwBjvYVbsLP0+p8P:gXiNFS+OcUGOdwiOdwBjkYL8c8P
                                                                                                                                                                                                                                                                                                                                                            MD5:8B3560CFC14650CF72FF01B987CC2BB9
                                                                                                                                                                                                                                                                                                                                                            SHA1:320620D9BE60C4D44FBBB172E6A916003660ED84
                                                                                                                                                                                                                                                                                                                                                            SHA-256:4B2D54679FD728BD7358DB1A162BA09B0A4643B1B6E4E5C25D7467C66BF9086F
                                                                                                                                                                                                                                                                                                                                                            SHA-512:5104081B9CB619E97AD45302E739A4626B94F2F13B449EE7B206FB3424DA0F0FC124EA661615439CE5AC2087959F96A88C48A31E0117D91C66E11B8B4189259C
                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                            Preview:{"bookmarks-toolbar-default-on":{"slug":"bookmarks-toolbar-default-on","branch":{"slug":"treatment-a","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"enableBookmarksToolbar":"always"},"enabled":true,"featureId":"bookmarks"}]},"active":true,"enrollmentId":"d48f64a8-a4ab-4cdd-a650-4b386e41a201","experimentType":"nimbus","source":"rs-loader","userFacingName":"Bookmarks Toolbar Default On","userFacingDescription":"An experiment that turns the bookmarks toolbar on by default.","lastSeen":"2023-10-05T06:20:35.557Z","featureIds":["bookmarks"],"prefs":[{"name":"browser.toolbars.bookmarks.visibility","branch":"user","featureId":"bookmarks","variable":"enableBookmarksToolbar","originalValue":null}],"isRollout":false},"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-s
                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                            Size (bytes):4419
                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.931897477554205
                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                            SSDEEP:96:gXiNFS+OcPUFEOdwNIOdwBjvYVbsLP0+p8P:gXiNFS+OcUGOdwiOdwBjkYL8c8P
                                                                                                                                                                                                                                                                                                                                                            MD5:8B3560CFC14650CF72FF01B987CC2BB9
                                                                                                                                                                                                                                                                                                                                                            SHA1:320620D9BE60C4D44FBBB172E6A916003660ED84
                                                                                                                                                                                                                                                                                                                                                            SHA-256:4B2D54679FD728BD7358DB1A162BA09B0A4643B1B6E4E5C25D7467C66BF9086F
                                                                                                                                                                                                                                                                                                                                                            SHA-512:5104081B9CB619E97AD45302E739A4626B94F2F13B449EE7B206FB3424DA0F0FC124EA661615439CE5AC2087959F96A88C48A31E0117D91C66E11B8B4189259C
                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                            Preview:{"bookmarks-toolbar-default-on":{"slug":"bookmarks-toolbar-default-on","branch":{"slug":"treatment-a","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"enableBookmarksToolbar":"always"},"enabled":true,"featureId":"bookmarks"}]},"active":true,"enrollmentId":"d48f64a8-a4ab-4cdd-a650-4b386e41a201","experimentType":"nimbus","source":"rs-loader","userFacingName":"Bookmarks Toolbar Default On","userFacingDescription":"An experiment that turns the bookmarks toolbar on by default.","lastSeen":"2023-10-05T06:20:35.557Z","featureIds":["bookmarks"],"prefs":[{"name":"browser.toolbars.bookmarks.visibility","branch":"user","featureId":"bookmarks","variable":"enableBookmarksToolbar","originalValue":null}],"isRollout":false},"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-s
                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                            File Type:Mozilla lz4 compressed data, originally 22422 bytes
                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                            Size (bytes):5308
                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.599374203470186
                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                            SSDEEP:96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6Uhm:zTx2x2t0FDJ4NpkuvjdeplTMohm
                                                                                                                                                                                                                                                                                                                                                            MD5:EB56C2F4DA9435F3D5574161F414CD17
                                                                                                                                                                                                                                                                                                                                                            SHA1:74A8FC3EC0559740FD9D835B638354985E2DEAB6
                                                                                                                                                                                                                                                                                                                                                            SHA-256:394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966
                                                                                                                                                                                                                                                                                                                                                            SHA-512:DF90568D191C757392FB85BDDA5333C7FE7E3BB370C5DE8C50DD810B938D732E39B5608FB4494CAADAE99E1601989FDFC0FEBDCF70F27FFE581F904170A81E0F
                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                            Preview:mozLz40..W....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                            File Type:Mozilla lz4 compressed data, originally 22422 bytes
                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                            Size (bytes):5308
                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.599374203470186
                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                            SSDEEP:96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6Uhm:zTx2x2t0FDJ4NpkuvjdeplTMohm
                                                                                                                                                                                                                                                                                                                                                            MD5:EB56C2F4DA9435F3D5574161F414CD17
                                                                                                                                                                                                                                                                                                                                                            SHA1:74A8FC3EC0559740FD9D835B638354985E2DEAB6
                                                                                                                                                                                                                                                                                                                                                            SHA-256:394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966
                                                                                                                                                                                                                                                                                                                                                            SHA-512:DF90568D191C757392FB85BDDA5333C7FE7E3BB370C5DE8C50DD810B938D732E39B5608FB4494CAADAE99E1601989FDFC0FEBDCF70F27FFE581F904170A81E0F
                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                            Preview:mozLz40..W....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                            Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                            MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                            SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                            SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                            SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                            Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                            Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                            MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                            SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                            SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                            SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                            Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                            Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                            SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                            MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                                                                                                                                                                            SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                                                                                                                                                                            SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                                                                                                                                                                            SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                            File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                            Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                            MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                            SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                            SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                            SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                            Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                            File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                            Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                            MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                            SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                            SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                            SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                            Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
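The three artifact kinds recorded above (Mozilla lz4 compressed data, JSON data, a SQLite 3.x database, all written by firefox.exe) are plain profile files, and an analyst who wants to confirm what the sample touched can parse them without the sandbox. The mozLz4 layout is an 8-byte magic `mozLz40\0`, a little-endian u32 decompressed size, then one raw LZ4 block with no frame header; the SQLite header is 100 bytes of big-endian fields, which is where libmagic gets the "user version 5, ... page size 32768, file counter 4, database pages 8" phrase. The following is an added example, not Joe Sandbox code and not code from the sample: it decodes a mozLz4 blob with a minimal LZ4 block decoder, reads the SQLite header into the same phrase the report prints, and computes the report's 8-bit entropy. The sample inputs are constructed: the LZ4 block is hand-packed around the 56-byte JSON visible in the preview above (it ends up 66 bytes, the same size the report lists, but no claim is made that its hashes equal the report's), the 24-byte JSON is the `{"schema":6,"addons":[]}` artifact, and the SQLite input is a header-only buffer filled with the values from the report's File Type line.

```python
# Added example (not Joe Sandbox code): inventory Firefox profile artifacts offline.
import hashlib, json, math, struct

MOZLZ4_MAGIC = b"mozLz40\0"          # Firefox *.jsonlz4 / *.json.lz4 magic (8 bytes)
SQLITE_MAGIC = b"SQLite format 3\0"  # first 16 bytes of every SQLite 3 file

def _extend(src, i, length):
    """LZ4 length extension: consume bytes while they are 255, plus the terminator."""
    while True:
        b, i = src[i], i + 1
        length += b
        if b != 255:
            return length, i

def lz4_block_decompress(src, expected):
    """Decode one raw LZ4 block (no frame) and insist it yields the advertised size."""
    out, i, n = bytearray(), 0, len(src)
    while i < n:
        token, i = src[i], i + 1
        lit = token >> 4
        if lit == 15:
            lit, i = _extend(src, i, lit)
        if i + lit > n:
            raise ValueError("truncated literal run")
        out += src[i:i + lit]
        i += lit
        if i >= n:
            break                                   # final sequence carries literals only
        if i + 2 > n:
            raise ValueError("truncated match offset")
        off, i = src[i] | (src[i + 1] << 8), i + 2
        if off == 0 or off > len(out):
            raise ValueError("match offset points outside the output")
        mlen = (token & 0x0F) + 4                   # minimum match is 4 bytes
        if (token & 0x0F) == 15:
            mlen, i = _extend(src, i, mlen)
        start = len(out) - off
        for k in range(mlen):                       # byte-wise: overlapping copies are legal
            out.append(out[start + k])
    if len(out) != expected:
        raise ValueError(f"got {len(out)} bytes, header promised {expected}")
    return bytes(out)

def mozlz4_decompress(blob):
    """mozLz4 = 8-byte magic, u32 little-endian decompressed size, one raw LZ4 block."""
    if len(blob) < 12 or not blob.startswith(MOZLZ4_MAGIC):
        raise ValueError("not a mozLz4 file")
    return lz4_block_decompress(blob[12:], struct.unpack_from("<I", blob, 8)[0])

def shannon_entropy(data):
    """Bits per byte, the report's 'Entropy (8bit)' measure."""
    n = len(data)
    counts = [data.count(b) for b in set(data)]
    return -sum(c / n * math.log2(c / n) for c in counts) if n else 0.0

SQLITE_U32 = {24: "file counter", 28: "database pages", 40: "cookie", 44: "schema",
              52: "largest root page", 56: "encoding", 60: "user version",
              64: "vacuum mode", 92: "version-valid-for", 96: "sqlite version"}

def describe_sqlite(blob):
    """Read the 100-byte big-endian SQLite header into the phrase libmagic prints above."""
    if len(blob) < 100:
        raise ValueError("truncated SQLite header")
    f = {name: struct.unpack_from(">I", blob, off)[0] for off, name in SQLITE_U32.items()}
    ps = struct.unpack_from(">H", blob, 16)[0]
    f["page size"] = 65536 if ps == 1 else ps       # the value 1 encodes 65536
    enc = {1: "UTF-8", 2: "UTF-16 little endian", 3: "UTF-16 big endian"}.get(f["encoding"], "unknown encoding")
    return (f"SQLite 3.x database, user version {f['user version']}, last written using SQLite "
            f"version {f['sqlite version']}, page size {f['page size']}, file counter {f['file counter']}, "
            f"database pages {f['database pages']}, cookie {f['cookie']:#x}, schema {f['schema']}, "
            f"largest root page {f['largest root page']}, {enc}, vacuum mode {f['vacuum mode']}, "
            f"version-valid-for {f['version-valid-for']}")

def identify(blob):
    """Same decision libmagic makes for the three artifact kinds in the report."""
    if blob.startswith(MOZLZ4_MAGIC):
        return f"Mozilla lz4 compressed data, originally {struct.unpack_from('<I', blob, 8)[0]} bytes"
    if blob.startswith(SQLITE_MAGIC):
        return describe_sqlite(blob)
    try:
        json.loads(blob.decode("utf-8"))
        return "JSON data"
    except (UnicodeDecodeError, ValueError):
        return "data"

def describe(blob):
    """The report's per-file fields, computed locally so they can be diffed against it."""
    digests = {"MD5": hashlib.md5, "SHA1": hashlib.sha1, "SHA-256": hashlib.sha256, "SHA-512": hashlib.sha512}
    return {"File Type": identify(blob), "Size (bytes)": len(blob), "Entropy (8bit)": shannon_entropy(blob),
            **{name: fn(blob).hexdigest().upper() for name, fn in digests.items()}}

# Constructed samples. PLAIN is the 56-byte JSON visible in the lz4 preview above, packed by
# hand into one LZ4 block: 32 literals, an 8-byte match at offset 17, then 16 literals.
PLAIN = b'{"v":1,"crashes":{},"countsByDay":{},"corruptDate":null}'
SAMPLE_MOZLZ4 = (MOZLZ4_MAGIC + struct.pack("<I", len(PLAIN))
                 + bytes([0xF4, 0x11]) + PLAIN[:32]   # token 0xF4: 15+17 literals, match 4+4
                 + bytes([0x11, 0x00])                # offset 17 -> copies '":{},"co'
                 + bytes([0xF0, 0x01]) + PLAIN[40:])  # token 0xF0: 15+1 literals, no match
SAMPLE_JSON = b'{"schema":6,"addons":[]}'             # the 24-byte JSON artifact above
SAMPLE_SQLITE = bytearray(100)                        # header only, values from the report's File Type line
SAMPLE_SQLITE[0:16] = SQLITE_MAGIC
struct.pack_into(">H", SAMPLE_SQLITE, 16, 32768)
for off, val in ((24, 4), (28, 8), (40, 6), (44, 4), (52, 8), (56, 1), (60, 5), (64, 1), (92, 4), (96, 3042000)):
    struct.pack_into(">I", SAMPLE_SQLITE, off, val)
SAMPLE_SQLITE = bytes(SAMPLE_SQLITE)
```

`describe(SAMPLE_JSON)["Entropy (8bit)"]` reproduces the 3.91829583405449 listed for the 24-byte file, and `identify(SAMPLE_SQLITE)` reproduces the report's SQLite File Type line word for word; the decoder rejects a blob whose header size does not match what the block actually yields, which is the check to keep when pointing it at profile files recovered from a compromised host rather than at the sandbox's copies.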
                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                            Size (bytes):36830
                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.185052013683835
                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                            SSDEEP:768:AI4wvfCXh496G4C4U1W4z4xuHhvp4N4Tc4Z4S4t24U:AruBv3
                                                                                                                                                                                                                                                                                                                                                            MD5:10E2D85FEF0DB266E519048D63617FA8
                                                                                                                                                                                                                                                                                                                                                            SHA1:EBB307C44EBEFFA271AC58FDDE5C3A1BA52AE7B0
                                                                                                                                                                                                                                                                                                                                                            SHA-256:92143A48F55639B5BD01385D0E4E78EDED4F84401A91C12AC06251EE188CFE0E
                                                                                                                                                                                                                                                                                                                                                            SHA-512:164CBE725B44020AD40D165A1B1C242A7016ED8933AB9502D0D38E6CD99887D9DF49533DE54068AA4E5D8476C7791B52518A8477B8961475B7CB2C3AF54B81B1
                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                            Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{87ef1fa3-cb84-4bbf-a615-45a1d14b629d}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: file.exe, Detection: malicious
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
                                                                                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                            Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                            MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                            SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                            SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                            SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                            Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                            Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                            MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                            SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                            SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                            SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                            Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                            Size (bytes):98304
                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.07333858257979299
                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                            SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkiFEm3:DLhesh7Owd4+jiFn
                                                                                                                                                                                                                                                                                                                                                            MD5:36A14B75ED8E9AB7B0C6A88A2942338A
                                                                                                                                                                                                                                                                                                                                                            SHA1:8980F71BFBDF24C2945494537817CB03C51176D5
                                                                                                                                                                                                                                                                                                                                                            SHA-256:75A280B841D23DD50E0813A12AE7F77E9ABDD68B39D5EDCB83DE1C10B19C907D
                                                                                                                                                                                                                                                                                                                                                            SHA-512:99ED78B395E08BEF687024BC6BFF230CC83420E45B671B1919B7B705AD82C146A9710EF5E0C5BCE6F84063AE43C17B3464ADD69CE4317DA1D7012B084F770268
                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j......~s..F~s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.035615874395153645
                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:GtlstFvigDZh5B94lstFvigDZh5BlXlT89//alEl:GtWtBWWtBf89XuM
                                                                                                                                                                                                                                                                                                                                                            MD5:51749170DB07995FEA092452F89564FD
                                                                                                                                                                                                                                                                                                                                                            SHA1:B447A021507FCF1D054E833510DF99A699C90A86
                                                                                                                                                                                                                                                                                                                                                            SHA-256:EB5D55AED88F3721CC1A39C68B1582157A7145802CECB434C28F014416DC015F
                                                                                                                                                                                                                                                                                                                                                            SHA-512:0DAD3704E4A1CC913DA0396B932897C0120CC7420099CC921A7124C4C1B349518F47A9C062A1BF2D83487D083FBFEF7777974F87D2B580FD0BE299D262274107
                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                            Preview:..-.....................8.A.......|k"rNl.:..6.B..-.....................8.A.......|k"rNl.:..6.B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                            File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                            Size (bytes):32824
                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.035023022135915946
                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:Ol1cTNAo3odKoN1gaKSrV//mwl8XW3R2:K2stN1gypuw93w
                                                                                                                                                                                                                                                                                                                                                            MD5:B0A683384DFEC7A2E809E74F79F782B1
                                                                                                                                                                                                                                                                                                                                                            SHA1:487EE4B7B0EC7BDD807D30D946E950F6FEEF7B0D
                                                                                                                                                                                                                                                                                                                                                            SHA-256:DD51AC3402BB35C74D3D7DAA73BCDA4DA64E2C00E281CC70F553BBEEE002094A
                                                                                                                                                                                                                                                                                                                                                            SHA-512:3D13CE652B4C86F7AC84E556943DA80E38EAA00DBBFBB2578635D5489ACDBB71E21EFE0E315C10999ECF32A7197CBD44B3B596A658587A4294799B9D923D9BBB
                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                            Preview:7....-.............|k"rNR^. Y(.0...........|k"rN.A.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text, with very long lines (1717), with CRLF line terminators
Category:dropped
Size (bytes):14081
Entropy (8bit):5.467067750120203
Encrypted:false
SSDEEP:192:mnTFTRRUYbBp6zLZNMGaXfW6qU4gmzy+/3/7sn5RYiNBw8d7Sl:MKeiFNMJj2yC2dwA0
MD5:D9A9440E9E2A77BDFDE15532E26704BD
SHA1:71F801D18F4FA4FD60A1D9271030AD90DB951D5D
SHA-256:0E2F4C828FFFD2E15D228EA43BCE4259E0610604F6BAB1794F03B4D253FAC165
SHA-512:571F97520626694A621830D3B166AD4526F8F7BB15F2685516725B4C51BA9950BACEC4FB71BEF45C41BF2CA54DEDEEBDEE9A6D29CFDA3FF913CD92F46D1954C2
Malicious:false
Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1732139799);..user_pref("app.update.lastUpdateTime.background-update-timer", 1732139799);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1732139799);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173213
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):65536
Entropy (8bit):0.04062825861060003
Encrypted:false
SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
MD5:60C09456D6362C6FBED48C69AA342C3C
SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):90
Entropy (8bit):4.194538242412464
Encrypted:false
SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:false
Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 5861 bytes
Category:dropped
Size (bytes):1577
Entropy (8bit):6.33691080670962
Encrypted:false
SSDEEP:24:v+USUGlcAxSNPLXnIgNR/pnxQwRlszT5sKL0G3eHVvwKXTLamhujJmyOOxmOmaot:GUpOx4VrnR6z3eNwCTL4JNKRhl
MD5:B808F7C65D454D39E4FFA80B4EA3B7E6
SHA1:477A42D6B7414D10EBDD12204746A31AC97984F6
SHA-256:7910D967E1519E28707DFA5FD5EF843BA343DB09A138F870EE18E5345830E6B4
SHA-512:BEFB4D7FD28525665506E19B6096E52045F51B913FBDB255D3D4B5264B04611F79CC768FB07AACFF61600A694E788B834DD24812C590709DF9404E04A95EF1DF
Malicious:false
Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{7bfa0137-c4a0-440b-bd0d-2f1472dcb50d}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1732139803421,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...46f3a197-db49-410a-81b3-94975c835573","zD..1...Wm..l........j..:....1":{..jUpdate...2,"startTim..`769048...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...Abfc0b67c202aaf415a5b7a51708a5c3270bb6f2f7664428a48797f00afbef6fc","path":"/","na..a"taarI|.Recure...,`.Donly..eexpiry....773380,"originA
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 4, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):4096
Entropy (8bit):2.042811512334329
Encrypted:false
SSDEEP:24:JBkSldh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jkSWEUo9LXtR+JdkOnohYsl
MD5:21235938025E2102017AC8C9748948A4
SHA1:A1EED1C4588724A8396C95FC9923C0A33B360FF8
SHA-256:E34B06B180E3F73DC8E441650BB7FE694A9D58E927412D6ED40B0852B784824E
SHA-512:D334B419A2A75179C17D7F53BF65FCC132ADE03B21059F0007ACDBB08284A281D8CE1C1CC598E6A070024D0DAE158E2E9618E121342BE068E87A051FE33D6061
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j.....
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4411
Entropy (8bit):5.008815371813602
Encrypted:false
SSDEEP:48:YrSAYcHqUQZpExB1+anOdW6VhOGVpWJzzcsYMsku7f86SLAVL775FtsfAcbyJFde:yccCTEr5NfJzzcBvbw6Kkvrc2Rn27
MD5:D5CB86CFCF9BAAA43BFA083B8E585C1F
SHA1:B71960AA68C91F97A03637E5A7ACAB70E01A31DB
SHA-256:5E73A527F7CB6E02DFE6CCBDDDFD4BBFDE2A9999673A3754AFF4D67424A789C2
SHA-512:B50EEAC5DAF632F82F40F4DC5202CB892E3D87044FFECA5BEB03C1396C595913A5A070C28E57F442C4CCDB635273561F748C3EE596B083C325C0ABBDF0E4B66F
Malicious:false
Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-11-20T21:56:19.258Z","profileAgeCreated":1696486829272,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.592513082526213
                                                                                                                                                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                                                                            File name:file.exe
                                                                                                                                                                                                                                                                                                                                                            File size:922'624 bytes
                                                                                                                                                                                                                                                                                                                                                            MD5:f8c0ebdfd99eee53899e32d8e4aed988
                                                                                                                                                                                                                                                                                                                                                            SHA1:545673e664526108dcac27a24c8fc13a67dc3843
                                                                                                                                                                                                                                                                                                                                                            SHA256:0a1bc24039aaa659832a7678aae827f1dcb79808697147b7b243904f5dc0c6fe
                                                                                                                                                                                                                                                                                                                                                            SHA512:5def865c81e128351fbdbdeba233a5ec8b48d3f68709d6d3a00fc844768bb62632a882ed9e0a0d8dc1e459ae88deaa442aec94f53e6e489697c595c7d119c894
                                                                                                                                                                                                                                                                                                                                                            SSDEEP:12288:1qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgayTW1:1qDEvCTbMWu7rQYlBQcBiT6rprG8aSK
                                                                                                                                                                                                                                                                                                                                                            TLSH:14159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13A81D79BE701B1563E7A3
                                                                                                                                                                                                                                                                                                                                                            File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                                                                                                                                                                                                                                                                                            Icon Hash:aaf3e3e3938382a0
                                                                                                                                                                                                                                                                                                                                                            Entrypoint:0x420577
                                                                                                                                                                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                                                                            Time Stamp:0x673E3B2B [Wed Nov 20 19:40:27 2024 UTC]
                                                                                                                                                                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                                                                            OS Version Major:5
                                                                                                                                                                                                                                                                                                                                                            OS Version Minor:1
                                                                                                                                                                                                                                                                                                                                                            File Version Major:5
                                                                                                                                                                                                                                                                                                                                                            File Version Minor:1
                                                                                                                                                                                                                                                                                                                                                            Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                                                                            Subsystem Version Minor:1
                                                                                                                                                                                                                                                                                                                                                            Import Hash:948cc502fe9226992dce9417f952fce3
                                                                                                                                                                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                                                                                                                                                                            call 00007F50A11144B3h
                                                                                                                                                                                                                                                                                                                                                            jmp 00007F50A1113DBFh
                                                                                                                                                                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                                                                                                                                                                            mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                            push esi
                                                                                                                                                                                                                                                                                                                                                            push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                            mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                            call 00007F50A1113F9Dh
                                                                                                                                                                                                                                                                                                                                                            mov dword ptr [esi], 0049FDF0h
                                                                                                                                                                                                                                                                                                                                                            mov eax, esi
                                                                                                                                                                                                                                                                                                                                                            pop esi
                                                                                                                                                                                                                                                                                                                                                            pop ebp
                                                                                                                                                                                                                                                                                                                                                            retn 0004h
                                                                                                                                                                                                                                                                                                                                                            and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                            mov eax, ecx
                                                                                                                                                                                                                                                                                                                                                            and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                                                                                                                                                            mov dword ptr [ecx+04h], 0049FDF8h
                                                                                                                                                                                                                                                                                                                                                            mov dword ptr [ecx], 0049FDF0h
                                                                                                                                                                                                                                                                                                                                                            ret
                                                                                                                                                                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                                                                                                                                                                            mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                            push esi
                                                                                                                                                                                                                                                                                                                                                            push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                            mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                            call 00007F50A1113F6Ah
                                                                                                                                                                                                                                                                                                                                                            mov dword ptr [esi], 0049FE0Ch
                                                                                                                                                                                                                                                                                                                                                            mov eax, esi
                                                                                                                                                                                                                                                                                                                                                            pop esi
                                                                                                                                                                                                                                                                                                                                                            pop ebp
                                                                                                                                                                                                                                                                                                                                                            retn 0004h
                                                                                                                                                                                                                                                                                                                                                            and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                            mov eax, ecx
                                                                                                                                                                                                                                                                                                                                                            and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                                                                                                                                                            mov dword ptr [ecx+04h], 0049FE14h
                                                                                                                                                                                                                                                                                                                                                            mov dword ptr [ecx], 0049FE0Ch
                                                                                                                                                                                                                                                                                                                                                            ret
                                                                                                                                                                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                                                                                                                                                                            mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                            push esi
                                                                                                                                                                                                                                                                                                                                                            mov esi, ecx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0xa860 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xdf000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0xa860 | 0xaa00 | 8ff34b3fe380b1a9114cc6f28b84a9aa | False | 0.3690487132352941 | data | 5.652864034764808 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xdf000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0x1b26 | data | | | 1.0015827338129497
RT_GROUP_ICON | 0xde2e0 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xde358 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xde36c | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xde380 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xde394 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xde470 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.182399035 CET49735443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.182444096 CET4434973534.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.182833910 CET49735443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.182986975 CET49735443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.183007956 CET4434973534.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.206490993 CET4972680192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.254545927 CET44349723142.250.181.142192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.255250931 CET44349723142.250.181.142192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.259330034 CET44349723142.250.181.142192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.259952068 CET49723443192.168.2.6142.250.181.142
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.263581038 CET49723443192.168.2.6142.250.181.142
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.263585091 CET44349723142.250.181.142192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.263683081 CET49723443192.168.2.6142.250.181.142
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.263755083 CET44349723142.250.181.142192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.264461994 CET49723443192.168.2.6142.250.181.142
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.271331072 CET44349724142.250.181.142192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.271403074 CET49724443192.168.2.6142.250.181.142
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.272114992 CET44349724142.250.181.142192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.272248030 CET49724443192.168.2.6142.250.181.142
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.275063038 CET49724443192.168.2.6142.250.181.142
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.275077105 CET44349724142.250.181.142192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.275187969 CET49724443192.168.2.6142.250.181.142
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.275240898 CET44349724142.250.181.142192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.275546074 CET49724443192.168.2.6142.250.181.142
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.275635004 CET49736443192.168.2.6142.250.181.142
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.275676012 CET44349736142.250.181.142192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.276511908 CET49736443192.168.2.6142.250.181.142
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.277889967 CET49736443192.168.2.6142.250.181.142
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.277909994 CET44349736142.250.181.142192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.376885891 CET4973780192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.496750116 CET804973734.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.498151064 CET4973780192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.498385906 CET4973780192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.620963097 CET804973734.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.254399061 CET4434972734.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.255559921 CET49727443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.259604931 CET49727443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.259619951 CET4434972734.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.259721041 CET49727443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.259862900 CET4434972734.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.260112047 CET49740443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.260163069 CET4434974034.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.260206938 CET49727443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.260622025 CET49740443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.262032032 CET49740443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.262058973 CET4434974034.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.309727907 CET4434973435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.309851885 CET49734443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.313045979 CET49734443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.313055038 CET4434973435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.313301086 CET4434973435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.314905882 CET49734443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.314992905 CET49734443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.315043926 CET4434973435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.315164089 CET49734443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.315181017 CET49734443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.319626093 CET4434973334.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.325438976 CET49733443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.328757048 CET49733443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.328768015 CET4434973334.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.328851938 CET49733443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.329410076 CET4434973334.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.329464912 CET49733443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.474517107 CET4434973534.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.475220919 CET49735443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.478095055 CET49735443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.478104115 CET4434973534.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.381309986 CET804974334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.426279068 CET4974380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.601535082 CET4975280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.603924036 CET49742443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.603948116 CET4434974234.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.603960037 CET49742443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.604559898 CET4434974234.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.605345964 CET49742443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.606316090 CET49745443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.606316090 CET49745443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.606336117 CET4434974534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.606570959 CET4434974534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.606638908 CET49745443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.606894970 CET49746443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.606909990 CET4434974634.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.606959105 CET49746443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.607881069 CET4434974634.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.607945919 CET49746443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.721295118 CET804975234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.762959003 CET4975280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.827836037 CET4974380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.829909086 CET4975480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.929724932 CET804975234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.947560072 CET804974334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.949606895 CET804975434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.949700117 CET4975480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.949875116 CET4975480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.969059944 CET49755443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.969150066 CET4434975534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.969253063 CET49755443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.970572948 CET49755443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.970609903 CET4434975534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:17.070525885 CET804975434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:17.171169043 CET804974334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:17.182562113 CET804975234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:17.182647943 CET4975280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:17.214828014 CET4974380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:18.103053093 CET804975434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:18.148691893 CET4975480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:18.345158100 CET4434975534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:18.345240116 CET49755443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:18.349395037 CET49755443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:18.349412918 CET4434975534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:18.349505901 CET49755443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:18.349643946 CET4434975534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:18.350398064 CET49755443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.939318895 CET4975480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.940242052 CET4974380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.059307098 CET804975434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.060246944 CET804974334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.255414009 CET804974334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.263608932 CET804975434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.301721096 CET4974380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.323884010 CET4975480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:24.070827007 CET49771443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:24.070946932 CET4434977134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:24.072755098 CET49771443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:24.074517965 CET49771443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:24.074548960 CET4434977134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:25.336498976 CET4434977134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:25.336627960 CET49771443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:25.363698006 CET49771443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:25.363718033 CET4434977134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:25.363804102 CET49771443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:25.363980055 CET4434977134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:25.372579098 CET4975480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:25.376549006 CET49771443192.168.2.634.120.208.123
Timestamp                            Source Port  Dest Port  Source IP       Dest IP
Nov 20, 2024 21:05:25.484118938 CET  49777        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:25.484225988 CET  443          49777      34.120.208.123  192.168.2.6
Nov 20, 2024 21:05:25.484277010 CET  49778        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:25.484338999 CET  443          49778      34.120.208.123  192.168.2.6
Nov 20, 2024 21:05:25.487833023 CET  49779        443        192.168.2.6     34.149.100.209
Nov 20, 2024 21:05:25.487863064 CET  443          49779      34.149.100.209  192.168.2.6
Nov 20, 2024 21:05:25.489602089 CET  49743        80         192.168.2.6     34.107.221.82
Nov 20, 2024 21:05:25.491622925 CET  49777        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:25.491625071 CET  49779        443        192.168.2.6     34.149.100.209
Nov 20, 2024 21:05:25.491626024 CET  49778        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:25.491774082 CET  49777        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:25.491794109 CET  443          49777      34.120.208.123  192.168.2.6
Nov 20, 2024 21:05:25.491893053 CET  49778        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:25.491923094 CET  443          49778      34.120.208.123  192.168.2.6
Nov 20, 2024 21:05:25.492636919 CET  80           49754      34.107.221.82   192.168.2.6
Nov 20, 2024 21:05:25.493417978 CET  49779        443        192.168.2.6     34.149.100.209
Nov 20, 2024 21:05:25.493434906 CET  443          49779      34.149.100.209  192.168.2.6
Nov 20, 2024 21:05:25.517575979 CET  49780        443        192.168.2.6     34.107.243.93
Nov 20, 2024 21:05:25.517599106 CET  443          49780      34.107.243.93   192.168.2.6
Nov 20, 2024 21:05:25.518049002 CET  49780        443        192.168.2.6     34.107.243.93
Nov 20, 2024 21:05:25.609360933 CET  80           49743      34.107.221.82   192.168.2.6
Nov 20, 2024 21:05:25.698132038 CET  80           49754      34.107.221.82   192.168.2.6
Nov 20, 2024 21:05:25.762151957 CET  49754        80         192.168.2.6     34.107.221.82
Nov 20, 2024 21:05:25.804784060 CET  80           49743      34.107.221.82   192.168.2.6
Nov 20, 2024 21:05:25.862374067 CET  49743        80         192.168.2.6     34.107.221.82
Nov 20, 2024 21:05:25.992253065 CET  49780        443        192.168.2.6     34.107.243.93
Nov 20, 2024 21:05:25.992286921 CET  443          49780      34.107.243.93   192.168.2.6
Nov 20, 2024 21:05:26.233845949 CET  49754        80         192.168.2.6     34.107.221.82
Nov 20, 2024 21:05:26.354407072 CET  80           49754      34.107.221.82   192.168.2.6
Nov 20, 2024 21:05:26.567281008 CET  80           49754      34.107.221.82   192.168.2.6
Nov 20, 2024 21:05:26.611350060 CET  49754        80         192.168.2.6     34.107.221.82
Nov 20, 2024 21:05:26.877434969 CET  443          49779      34.149.100.209  192.168.2.6
Nov 20, 2024 21:05:26.880255938 CET  49779        443        192.168.2.6     34.149.100.209
Nov 20, 2024 21:05:26.973778009 CET  443          49778      34.120.208.123  192.168.2.6
Nov 20, 2024 21:05:26.973793030 CET  443          49778      34.120.208.123  192.168.2.6
Nov 20, 2024 21:05:26.973855972 CET  49778        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:26.975208998 CET  443          49777      34.120.208.123  192.168.2.6
Nov 20, 2024 21:05:26.975222111 CET  443          49777      34.120.208.123  192.168.2.6
Nov 20, 2024 21:05:26.975261927 CET  49777        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:27.271199942 CET  443          49780      34.107.243.93   192.168.2.6
Nov 20, 2024 21:05:27.271285057 CET  49780        443        192.168.2.6     34.107.243.93
Nov 20, 2024 21:05:27.343624115 CET  49777        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:27.343662977 CET  443          49777      34.120.208.123  192.168.2.6
Nov 20, 2024 21:05:27.343996048 CET  443          49777      34.120.208.123  192.168.2.6
Nov 20, 2024 21:05:27.347275019 CET  49778        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:27.347306013 CET  443          49778      34.120.208.123  192.168.2.6
Nov 20, 2024 21:05:27.348357916 CET  443          49778      34.120.208.123  192.168.2.6
Nov 20, 2024 21:05:27.354711056 CET  49779        443        192.168.2.6     34.149.100.209
Nov 20, 2024 21:05:27.354749918 CET  443          49779      34.149.100.209  192.168.2.6
Nov 20, 2024 21:05:27.354794979 CET  49779        443        192.168.2.6     34.149.100.209
Nov 20, 2024 21:05:27.355014086 CET  443          49779      34.149.100.209  192.168.2.6
Nov 20, 2024 21:05:27.355544090 CET  49777        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:27.355562925 CET  49778        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:27.355652094 CET  49778        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:27.355701923 CET  49777        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:27.355772018 CET  443          49777      34.120.208.123  192.168.2.6
Nov 20, 2024 21:05:27.355782986 CET  443          49778      34.120.208.123  192.168.2.6
Nov 20, 2024 21:05:27.357841015 CET  49780        443        192.168.2.6     34.107.243.93
Nov 20, 2024 21:05:27.357933044 CET  443          49780      34.107.243.93   192.168.2.6
Nov 20, 2024 21:05:27.357969046 CET  49780        443        192.168.2.6     34.107.243.93
Nov 20, 2024 21:05:27.358207941 CET  443          49780      34.107.243.93   192.168.2.6
Nov 20, 2024 21:05:27.359508038 CET  49778        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:27.359518051 CET  49779        443        192.168.2.6     34.149.100.209
Nov 20, 2024 21:05:27.359524965 CET  49777        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:27.359539986 CET  49778        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:27.360073090 CET  49780        443        192.168.2.6     34.107.243.93
Nov 20, 2024 21:05:27.966284037 CET  49786        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:27.966324091 CET  443          49786      34.120.208.123  192.168.2.6
Nov 20, 2024 21:05:27.966801882 CET  49786        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:27.966917038 CET  49786        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:27.966931105 CET  443          49786      34.120.208.123  192.168.2.6
Nov 20, 2024 21:05:27.997368097 CET  49743        80         192.168.2.6     34.107.221.82
Nov 20, 2024 21:05:28.000857115 CET  49787        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:28.000896931 CET  443          49787      34.120.208.123  192.168.2.6
Nov 20, 2024 21:05:28.001630068 CET  49787        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:28.003128052 CET  49787        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:28.003143072 CET  443          49787      34.120.208.123  192.168.2.6
Nov 20, 2024 21:05:28.021881104 CET  49788        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:28.021908045 CET  443          49788      34.120.208.123  192.168.2.6
Nov 20, 2024 21:05:28.023942947 CET  49788        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:28.024080992 CET  49788        443        192.168.2.6     34.120.208.123
Nov 20, 2024 21:05:28.024095058 CET  443          49788      34.120.208.123  192.168.2.6
Nov 20, 2024 21:05:28.117044926 CET  80           49743      34.107.221.82   192.168.2.6
Nov 20, 2024 21:05:28.312578917 CET  80           49743      34.107.221.82   192.168.2.6
Nov 20, 2024 21:05:28.369894981 CET  49743        80         192.168.2.6     34.107.221.82
Nov 20, 2024 21:05:28.714482069 CET  49754        80         192.168.2.6     34.107.221.82
Nov 20, 2024 21:05:28.834352970 CET  80           49754      34.107.221.82   192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:29.040213108 CET804975434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:29.087574959 CET4975480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:29.238467932 CET4434978834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:29.238538980 CET49788443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:29.249224901 CET4434978634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:29.249315023 CET49786443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:29.262352943 CET4434978734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:29.262465000 CET49787443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:30.433744907 CET49786443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:30.433779001 CET4434978634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:30.434797049 CET4434978634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:30.437084913 CET49788443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:30.437151909 CET4434978834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:30.437571049 CET4434978834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:30.441298008 CET49786443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:30.441298008 CET49786443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:30.441519976 CET49788443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:30.441589117 CET49788443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:30.441771030 CET4434978634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:30.441792011 CET4434978834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:30.441963911 CET49787443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:30.441981077 CET4434978734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:30.442121983 CET49787443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:30.442224979 CET4434978734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:30.444082022 CET49788443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:30.444089890 CET49786443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:30.444118977 CET49787443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:31.553468943 CET4974380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:31.558342934 CET49798443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:31.558398962 CET4434979834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:31.558772087 CET49798443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:31.560661077 CET49798443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:31.560679913 CET4434979834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:31.672992945 CET804974334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:31.868215084 CET804974334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:31.871823072 CET4975480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:31.913712978 CET4974380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:31.991272926 CET804975434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:32.195650101 CET804975434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:32.245835066 CET4975480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:32.820796013 CET4434979834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:32.820871115 CET49798443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:32.825611115 CET49798443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:32.825620890 CET4434979834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:32.825714111 CET49798443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:32.825819016 CET4434979834.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:32.825871944 CET49798443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:32.855246067 CET4974380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:32.858930111 CET49804443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:32.858980894 CET4434980434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:32.859214067 CET49804443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:32.860615015 CET49804443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:32.860635042 CET4434980434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:32.976401091 CET804974334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:33.169948101 CET804974334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:33.173937082 CET4975480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:33.217466116 CET4974380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:33.293797970 CET804975434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:33.497692108 CET804975434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:33.549612999 CET4975480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:34.075901985 CET4434980434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:34.076023102 CET49804443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:34.081125975 CET49804443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:34.081135988 CET4434980434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:34.081264973 CET49804443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:34.081406116 CET4434980434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:34.084723949 CET49804443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.192347050 CET49836443192.168.2.6151.101.193.91
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.192430973 CET49836443192.168.2.6151.101.193.91
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.192504883 CET44349836151.101.193.91192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.199148893 CET49836443192.168.2.6151.101.193.91
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.201152086 CET49841443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.201220036 CET4434984135.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.201423883 CET49841443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.201580048 CET49841443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.201600075 CET4434984135.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.204011917 CET49842443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.204068899 CET4434984235.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.204236984 CET49842443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.204369068 CET49842443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.204385996 CET4434984235.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.207007885 CET49843443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.207036972 CET4434984335.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.207568884 CET49843443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.207683086 CET49843443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.207689047 CET4434984335.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.209177017 CET4974380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.280922890 CET4434983735.201.103.21192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.281090975 CET49837443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.285315990 CET49837443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.285331964 CET4434983735.201.103.21192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.285419941 CET49837443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.285490990 CET4434983735.201.103.21192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.286140919 CET49837443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.301631927 CET49845443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.301671028 CET4434984534.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.301856041 CET49845443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.302423954 CET49845443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.302434921 CET4434984534.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.304609060 CET804975434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.330955029 CET804974334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.508994102 CET804975434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.527535915 CET804974334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.530318022 CET4975480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.571414948 CET4974380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.652414083 CET804975434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.856627941 CET804975434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.903568983 CET4975480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.417074919 CET4434984235.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.417171001 CET49842443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.419699907 CET4434984335.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.419842958 CET49843443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.420068979 CET49842443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.420099974 CET4434984235.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.420413017 CET4434984235.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.422676086 CET49843443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.422703028 CET4434984335.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.422943115 CET4434984335.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.426153898 CET49842443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.426263094 CET49842443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.426331997 CET49843443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.426351070 CET4434984235.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.426402092 CET49843443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.426464081 CET4434984335.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.426547050 CET49842443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.426657915 CET49843443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.430619955 CET4974380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.465536118 CET4434984135.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.465620041 CET49841443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.468303919 CET49841443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.468311071 CET4434984135.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.468599081 CET4434984135.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.470285892 CET49841443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.470383883 CET49841443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.178191900 CET4434991334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.180190086 CET49913443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.180308104 CET49913443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.180407047 CET4434991334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.180835009 CET49922443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.180881977 CET4434992234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.180919886 CET49913443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.180984020 CET49922443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.181122065 CET49922443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.181139946 CET4434992234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.184788942 CET4974380192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.208383083 CET4434991434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.208496094 CET49914443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.209757090 CET4434991234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.211627007 CET49914443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.211641073 CET4434991434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.211813927 CET49912443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.211910963 CET4434991434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.214241028 CET49912443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.214255095 CET4434991234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.214582920 CET4434991234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.217576981 CET49914443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.217679977 CET49914443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.217761993 CET4434991434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.218111038 CET49923443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.218166113 CET4434992334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.218290091 CET49912443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.218360901 CET49912443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.218483925 CET4434991234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.218606949 CET49914443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.218635082 CET49912443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.218652010 CET49923443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.218826056 CET49923443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.218844891 CET4434992334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.221863031 CET4434991534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.223396063 CET4434991734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.224886894 CET49915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.224925995 CET49917443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.227689981 CET49915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.227705002 CET4434991534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.228575945 CET4434991534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.230195045 CET49917443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.230221987 CET4434991734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.230571032 CET4434991734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.234340906 CET49915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.234440088 CET49915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.234560013 CET49917443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.234724998 CET4434991734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.234765053 CET49917443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.234791040 CET4434991734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.234992981 CET49917443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.235002995 CET4434991534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.235094070 CET49915443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.272156000 CET4434991634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.272232056 CET49916443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.275723934 CET49916443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.275729895 CET4434991634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.276083946 CET4434991634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.278909922 CET49916443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.279001951 CET49916443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.279098034 CET4434991634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.281171083 CET49916443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.304337025 CET804974334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.362728119 CET4975480192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.482376099 CET804975434.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.500462055 CET804974334.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:11.504544973 CET4975480192.168.2.634.107.221.82
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:12.724467993 CET6212453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:12.731162071 CET5439553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:12.899020910 CET53543951.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:12.900145054 CET6183753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:12.900218010 CET53621241.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:12.900779009 CET6421353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:12.903832912 CET5463453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:12.986995935 CET5398053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.180903912 CET53642131.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.181397915 CET53539801.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.181969881 CET53546341.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.182625055 CET5591853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.183356047 CET5303953192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.183532953 CET53618371.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.184125900 CET6356853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.215336084 CET6520753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.236561060 CET5901753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.237992048 CET6059053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.319772005 CET53559181.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.320566893 CET5958253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.321629047 CET53530391.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.321882010 CET53635681.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.353180885 CET53652071.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.374146938 CET53590171.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.460541964 CET53595821.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:13.735481977 CET6274153192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.109915018 CET6056753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.250078917 CET53605671.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.257586002 CET5966453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.259892941 CET53653871.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.394865036 CET53596641.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.400847912 CET6416753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.542388916 CET53641671.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.724158049 CET5493853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.826421022 CET6198753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.862669945 CET53549381.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.863789082 CET4969453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.964585066 CET53619871.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.993422985 CET5964653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:15.001396894 CET53496941.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:15.025660992 CET6331853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:15.131164074 CET53596461.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:15.163096905 CET53633181.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.642724037 CET6327953192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.657088995 CET5601753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.657362938 CET5079553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.780172110 CET53632791.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.794526100 CET53507951.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.794593096 CET53560171.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.894526005 CET4916353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.894759893 CET6038553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.894994020 CET5180353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.039870024 CET53491631.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.040385008 CET53603851.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.041189909 CET53518031.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.041477919 CET5860953192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.041959047 CET6328453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.042237997 CET6460453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.179012060 CET53586091.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.179894924 CET53646041.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.182506084 CET53632841.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.183628082 CET5258753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.189572096 CET6396953192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.189572096 CET6432653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.320832014 CET53525871.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.329235077 CET53639691.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.330574036 CET5383753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.331089973 CET53643261.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.331757069 CET4950553192.168.2.61.1.1.1
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.041477919 CET192.168.2.61.1.1.10x532aStandard query (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.041959047 CET192.168.2.61.1.1.10x1c98Standard query (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.042237997 CET192.168.2.61.1.1.10x6ddfStandard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.183628082 CET192.168.2.61.1.1.10x851eStandard query (0)www.wikipedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.189572096 CET192.168.2.61.1.1.10x33f2Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.189572096 CET192.168.2.61.1.1.10x58bdStandard query (0)www.reddit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.330574036 CET192.168.2.61.1.1.10x8cf5Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.331757069 CET192.168.2.61.1.1.10xed50Standard query (0)reddit.map.fastly.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.343836069 CET192.168.2.61.1.1.10x7078Standard query (0)dyna.wikimedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.468444109 CET192.168.2.61.1.1.10x4f9eStandard query (0)twitter.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.471484900 CET192.168.2.61.1.1.10x5964Standard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.487181902 CET192.168.2.61.1.1.10x8aa5Standard query (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:24.086297035 CET192.168.2.61.1.1.10x5530Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:25.374135017 CET192.168.2.61.1.1.10xe3eaStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:25.516927004 CET192.168.2.61.1.1.10xd84aStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:31.558701038 CET192.168.2.61.1.1.10x1bb0Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:37.991952896 CET192.168.2.61.1.1.10x65a5Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:39.577564001 CET192.168.2.61.1.1.10xd584Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:39.581536055 CET192.168.2.61.1.1.10x6703Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:39.620126963 CET192.168.2.61.1.1.10xbe78Standard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:39.732537031 CET192.168.2.61.1.1.10x37d3Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:39.873287916 CET192.168.2.61.1.1.10x8d9aStandard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:40.092485905 CET192.168.2.61.1.1.10x1514Standard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:40.093389988 CET192.168.2.61.1.1.10x20f2Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:54.267013073 CET192.168.2.61.1.1.10xcb36Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:59.439250946 CET192.168.2.61.1.1.10xb457Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:09.917701006 CET192.168.2.61.1.1.10xa225Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:41.354024887 CET192.168.2.61.1.1.10xa39Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:41.497543097 CET192.168.2.61.1.1.10xee25Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:41.714970112 CET192.168.2.61.1.1.10xee25Standard query (0)push.services.mozilla.com28IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.824903965 CET1.1.1.1192.168.2.60xd9c8No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.862669945 CET1.1.1.1192.168.2.60x170No error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.862669945 CET1.1.1.1192.168.2.60x170No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:14.964585066 CET1.1.1.1192.168.2.60x9cf4No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:15.001396894 CET1.1.1.1192.168.2.60x8e00No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.968122959 CET1.1.1.1192.168.2.60xc8c0No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.780172110 CET1.1.1.1192.168.2.60x9f70No error (0)support.mozilla.orgprod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.780172110 CET1.1.1.1192.168.2.60x9f70No error (0)prod.sumo.prod.webservices.mozgcp.netus-west1.prod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.780172110 CET1.1.1.1192.168.2.60x9f70No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.794526100 CET1.1.1.1192.168.2.60xcd64No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.794526100 CET1.1.1.1192.168.2.60xcd64No error (0)star-mini.c10r.facebook.com157.240.195.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.794593096 CET1.1.1.1192.168.2.60x8387No error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.794593096 CET1.1.1.1192.168.2.60x8387No error (0)youtube-ui.l.google.com172.217.19.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.794593096 CET1.1.1.1192.168.2.60x8387No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.794593096 CET1.1.1.1192.168.2.60x8387No error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.794593096 CET1.1.1.1192.168.2.60x8387No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.794593096 CET1.1.1.1192.168.2.60x8387No error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.794593096 CET1.1.1.1192.168.2.60x8387No error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.794593096 CET1.1.1.1192.168.2.60x8387No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.794593096 CET1.1.1.1192.168.2.60x8387No error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.794593096 CET1.1.1.1192.168.2.60x8387No error (0)youtube-ui.l.google.com142.250.181.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.794593096 CET1.1.1.1192.168.2.60x8387No error (0)youtube-ui.l.google.com142.250.181.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.794593096 CET1.1.1.1192.168.2.60x8387No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.794593096 CET1.1.1.1192.168.2.60x8387No error (0)youtube-ui.l.google.com172.217.21.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.039870024 CET1.1.1.1192.168.2.60x5a8aNo error (0)youtube-ui.l.google.com142.250.181.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.039870024 CET1.1.1.1192.168.2.60x5a8aNo error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.039870024 CET1.1.1.1192.168.2.60x5a8aNo error (0)youtube-ui.l.google.com172.217.19.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.039870024 CET1.1.1.1192.168.2.60x5a8aNo error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.039870024 CET1.1.1.1192.168.2.60x5a8aNo error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.039870024 CET1.1.1.1192.168.2.60x5a8aNo error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.039870024 CET1.1.1.1192.168.2.60x5a8aNo error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.039870024 CET1.1.1.1192.168.2.60x5a8aNo error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.039870024 CET1.1.1.1192.168.2.60x5a8aNo error (0)youtube-ui.l.google.com172.217.21.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.039870024 CET1.1.1.1192.168.2.60x5a8aNo error (0)youtube-ui.l.google.com172.217.19.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.039870024 CET1.1.1.1192.168.2.60x5a8aNo error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.039870024 CET1.1.1.1192.168.2.60x5a8aNo error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.040385008 CET1.1.1.1192.168.2.60x646fNo error (0)star-mini.c10r.facebook.com157.240.195.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.041189909 CET1.1.1.1192.168.2.60x902fNo error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.179012060 CET1.1.1.1192.168.2.60x532aNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.179012060 CET1.1.1.1192.168.2.60x532aNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.179012060 CET1.1.1.1192.168.2.60x532aNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.179012060 CET1.1.1.1192.168.2.60x532aNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.182506084 CET1.1.1.1192.168.2.60x1c98No error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.320832014 CET1.1.1.1192.168.2.60x851eNo error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.320832014 CET1.1.1.1192.168.2.60x851eNo error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.329235077 CET1.1.1.1192.168.2.60x33f2No error (0)twitter.com104.244.42.193A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.331089973 CET1.1.1.1192.168.2.60x58bdNo error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.331089973 CET1.1.1.1192.168.2.60x58bdNo error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.331089973 CET1.1.1.1192.168.2.60x58bdNo error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.331089973 CET1.1.1.1192.168.2.60x58bdNo error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.331089973 CET1.1.1.1192.168.2.60x58bdNo error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.467684984 CET1.1.1.1192.168.2.60x8cf5No error (0)twitter.com104.244.42.193A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.470838070 CET1.1.1.1192.168.2.60xed50No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.470838070 CET1.1.1.1192.168.2.60xed50No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.470838070 CET1.1.1.1192.168.2.60xed50No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.470838070 CET1.1.1.1192.168.2.60xed50No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.480757952 CET1.1.1.1192.168.2.60x7078No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | AA
Nov 20, 2024 21:05:20.624408960 CET | 1.1.1.1 | 192.168.2.6 | 0x8aa5 | No error (0) | dyna.wikimedia.org | - | - | 28 | IN (0x0001) | false
Nov 20, 2024 21:05:25.515821934 CET | 1.1.1.1 | 192.168.2.6 | 0xe3ea | No error (0) | push.services.mozilla.com | - | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:05:39.731061935 CET | 1.1.1.1 | 192.168.2.6 | 0x6703 | No error (0) | services.addons.mozilla.org | - | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:05:39.731061935 CET | 1.1.1.1 | 192.168.2.6 | 0x6703 | No error (0) | services.addons.mozilla.org | - | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:05:39.731061935 CET | 1.1.1.1 | 192.168.2.6 | 0x6703 | No error (0) | services.addons.mozilla.org | - | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:05:39.731061935 CET | 1.1.1.1 | 192.168.2.6 | 0x6703 | No error (0) | services.addons.mozilla.org | - | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:05:39.871824026 CET | 1.1.1.1 | 192.168.2.6 | 0xbe78 | No error (0) | normandy.cdn.mozilla.net | normandy-cdn.services.mozilla.com | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 21:05:39.871824026 CET | 1.1.1.1 | 192.168.2.6 | 0xbe78 | No error (0) | normandy-cdn.services.mozilla.com | - | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:05:40.091232061 CET | 1.1.1.1 | 192.168.2.6 | 0x37d3 | No error (0) | services.addons.mozilla.org | - | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:05:40.091232061 CET | 1.1.1.1 | 192.168.2.6 | 0x37d3 | No error (0) | services.addons.mozilla.org | - | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:05:40.091232061 CET | 1.1.1.1 | 192.168.2.6 | 0x37d3 | No error (0) | services.addons.mozilla.org | - | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:05:40.091232061 CET | 1.1.1.1 | 192.168.2.6 | 0x37d3 | No error (0) | services.addons.mozilla.org | - | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:05:40.091491938 CET | 1.1.1.1 | 192.168.2.6 | 0x8d9a | No error (0) | normandy-cdn.services.mozilla.com | - | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:05:40.232619047 CET | 1.1.1.1 | 192.168.2.6 | 0x1514 | No error (0) | services.addons.mozilla.org | - | - | 28 | IN (0x0001) | false
Nov 20, 2024 21:05:40.232619047 CET | 1.1.1.1 | 192.168.2.6 | 0x1514 | No error (0) | services.addons.mozilla.org | - | - | 28 | IN (0x0001) | false
Nov 20, 2024 21:05:40.232619047 CET | 1.1.1.1 | 192.168.2.6 | 0x1514 | No error (0) | services.addons.mozilla.org | - | - | 28 | IN (0x0001) | false
Nov 20, 2024 21:05:40.232619047 CET | 1.1.1.1 | 192.168.2.6 | 0x1514 | No error (0) | services.addons.mozilla.org | - | - | 28 | IN (0x0001) | false
Nov 20, 2024 21:05:43.269790888 CET | 1.1.1.1 | 192.168.2.6 | 0x3ca8 | No error (0) | a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com | a17.rackcdn.com | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 21:05:43.269790888 CET | 1.1.1.1 | 192.168.2.6 | 0x3ca8 | No error (0) | a17.rackcdn.com | a17.rackcdn.com.mdc.edgesuite.net | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 21:05:54.665606976 CET | 1.1.1.1 | 192.168.2.6 | 0xcb36 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 20, 2024 21:05:54.665606976 CET | 1.1.1.1 | 192.168.2.6 | 0xcb36 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | - | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:06:09.899557114 CET | 1.1.1.1 | 192.168.2.6 | 0x614 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | - | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Nov 20, 2024 21:06:41.495877981 CET | 1.1.1.1 | 192.168.2.6 | 0xa39 | No error (0) | push.services.mozilla.com | - | 34.107.243.93 | A (IP address) | IN (0x0001) | false
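Every answer above was requested by the sandbox's own Firefox instance (captive-portal probe, add-on update checks, Normandy, telemetry, push), so the practical triage step is to separate such browser background noise from names that still need attribution to a process. The Python below is an added example for this page, not Joe Sandbox code. It parses answer rows in the flattened form the report arrives in, where adjacent columns are fused with no separator, applies a background-suffix allowlist, and splits a fused HTTP session row (as in the detectportal.firefox.com sessions that follow) so that the destination can be tied to a PID and image path. Assumptions, also marked in comments: the resolver and analysis-VM addresses (1.1.1.1 and 192.168.2.6, taken from the rows above) are known, the allowlist of Mozilla and Wikimedia suffixes is mine, the two-name split for CNAME rows is a heuristic, and the sample rows are copies of rows on this page used as constructed test input.

```python
"""Triage helpers for Joe Sandbox 'DNS Answers' and HTTP session rows whose
table columns were flattened into one string by extraction. Added example,
not Joe Sandbox's own code. The sample rows are copied from this page and
serve as constructed test input."""
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Assumption: resolver and analysis-VM addresses are known (1.1.1.1 and
# 192.168.2.6 in this report). Both are needed because adjacent IPs are fused
# ("1.1.1.1192.168.2.6"), which has no unique split on its own.
RESOLVER = "1.1.1.1"
SANDBOX_VM = "192.168.2.6"

# Suffixes a Firefox-equipped Windows sandbox contacts by itself. Assumption:
# treat these as background noise rather than activity of the sample.
BACKGROUND_SUFFIXES = ("mozilla.com", "mozilla.org", "mozilla.net", "firefox.com",
                       "mozaws.net", "mozgcp.net", "wikimedia.org")

DNS_ROW = re.compile(
    r"^(?P<ts>\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d+) [A-Z]{3,4}"
    + re.escape(RESOLVER) + re.escape(SANDBOX_VM)
    + r"(?P<txid>0x[0-9a-f]+)(?P<rcode>[A-Za-z ]+ \(\d+\))(?P<rest>.+?)"
      r"(?P<rtype>A \(IP address\)|CNAME \(Canonical name\)|28)"
      r"(?P<rclass>IN \(0x0001\))(?P<aa>true|false)$")
# Name fused with an IPv4 answer: the name ends in a letter, the address is the tail.
IPV4_TAIL = re.compile(r"^(?P<name>.+[A-Za-z])(?P<addr>\d{1,3}(?:\.\d{1,3}){3})$")
# Two fused names (CNAME rows): split after the first com/org/net label that is
# directly followed by another label. Heuristic, assumed adequate for the hosts
# on this page; it would mis-split a name such as "x.comcast.net".
CNAME_SPLIT = re.compile(r"\.(com|org|net)(?=[A-Za-z0-9])")
SESSION_ROW = re.compile(r"^(?P<sid>\d+)" + re.escape(SANDBOX_VM)
                         + r"(?P<sport>\d{5})(?P<tail>\d[\d.]*?)(?P<proc>[A-Za-z]:\\.+)$")


@dataclass
class DnsAnswer:
    ts: str
    txid: str
    name: str
    rtype: str
    target: Optional[str]  # IPv4 for A, canonical name for CNAME, None for 28 rows


def parse_dns_row(row: str) -> Optional[DnsAnswer]:
    m = DNS_ROW.match(row.strip())
    if not m:
        return None
    rtype, rest, target = m["rtype"], m["rest"], None
    if rtype.startswith("A "):
        t = IPV4_TAIL.match(rest)
        if not t:
            return None
        rest, target, rtype = t["name"], t["addr"], "A"
    elif rtype.startswith("CNAME"):
        s = CNAME_SPLIT.search(rest)
        if not s:
            return None
        rest, target, rtype = rest[:s.end()], rest[s.end():], "CNAME"
    else:
        rtype = "AAAA"  # the report prints the numeric type (28) for these answer-less rows
    return DnsAnswer(m["ts"], m["txid"], rest, rtype, target)


def is_background(name: str) -> bool:
    n = name.lower().rstrip(".")
    return any(n == s or n.endswith("." + s) for s in BACKGROUND_SUFFIXES)


def triage(rows: Iterable[str]):
    """Parse rows; return (answers, names not covered by the background allowlist)."""
    answers = [a for a in (parse_dns_row(r) for r in rows) if a is not None]
    names = {a.name for a in answers} | {a.target for a in answers if a.rtype == "CNAME"}
    return answers, sorted(n for n in names if not is_background(n))


def parse_session_row(row: str, known_addrs: Iterable[str], service_ports=(80, 443)):
    """Split 'sid|src|sport|dst|dport|pid|process'. Assumptions: the Windows ephemeral
    source port has 5 digits, dst is an address already seen in the DNS answers
    (dst, dport and pid are fused) and dport is one of the listed service ports."""
    m = SESSION_ROW.match(row.strip())
    if not m:
        return None
    tail = m["tail"]
    for addr in sorted(known_addrs, key=len, reverse=True):
        if not tail.startswith(addr):
            continue
        digits = tail[len(addr):]
        for port in service_ports:
            p = str(port)
            if digits.startswith(p) and digits[len(p):].isdigit():
                return {"sid": int(m["sid"]), "sport": int(m["sport"]), "dst": addr,
                        "dport": port, "pid": int(digits[len(p):]), "process": m["proc"]}
    return None


# Constructed input: rows copied from this report's tables.
SAMPLE_DNS_ROWS = [
    "Nov 20, 2024 21:05:20.624408960 CET1.1.1.1192.168.2.60x8aa5No error (0)dyna.wikimedia.org28IN (0x0001)false",
    "Nov 20, 2024 21:05:25.515821934 CET1.1.1.1192.168.2.60xe3eaNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false",
    "Nov 20, 2024 21:05:43.269790888 CET1.1.1.1192.168.2.60x3ca8No error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false",
    "Nov 20, 2024 21:05:54.665606976 CET1.1.1.1192.168.2.60xcb36No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false",
    "Nov 20, 2024 21:05:54.665606976 CET1.1.1.1192.168.2.60xcb36No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false",
]
SAMPLE_SESSION_ROW = r"0192.168.2.64972634.107.221.82802864C:\Program Files\Mozilla Firefox\firefox.exe"
```

Run on the sample rows, `triage` leaves only the rackcdn.com names for manual attribution, and `parse_session_row` resolves the first detectportal session to 192.168.2.6:49726 -> 34.107.221.82:80 from PID 2864 (firefox.exe), which is what tells you that the captive-portal traffic belongs to the browser, not to file.exe. The allowlist is deliberately a suffix match on the registered domain rather than on exact hostnames, since Mozilla rotates CDN and regional hostnames.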
• detectportal.firefox.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49726 | 34.107.221.82 | 80 | 2864 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 21:05:11.992381096 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 20, 2024 21:05:13.161665916 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:56:12 GMT
Age: 40140
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49737 | 34.107.221.82 | 80 | 2864 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 21:05:13.498385906 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 21:05:14.644820929 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:23:05 GMT
Age: 42129
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49743 | 34.107.221.82 | 80 | 2864 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Nov 20, 2024 21:05:14.843087912 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 20, 2024 21:05:15.977215052 CET | 297 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 17:33:57 GMT
Age: 9078
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.019918919 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.381309986 CET297INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                            Date: Wed, 20 Nov 2024 17:33:57 GMT
                                                                                                                                                                                                                                                                                                                                                            Age: 9079
                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.827836037 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:17.171169043 CET297INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                            Date: Wed, 20 Nov 2024 17:33:57 GMT
                                                                                                                                                                                                                                                                                                                                                            Age: 9080
                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.940242052 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.255414009 CET297INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                            Date: Wed, 20 Nov 2024 17:33:57 GMT
                                                                                                                                                                                                                                                                                                                                                            Age: 9083
                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:25.489602089 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:25.804784060 CET297INHTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 17:33:57 GMT
Age: 9088
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 21:05:27.997368097 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 20, 2024 21:05:28.312578917 CET | 297 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 17:33:57 GMT
Age: 9091
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 21:05:31.553468943 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 20, 2024 21:05:31.868215084 CET | 297 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 17:33:57 GMT
Age: 9094
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 21:05:32.855246067 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 20, 2024 21:05:33.169948101 CET | 297 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 17:33:57 GMT
Age: 9096
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 21:05:34.086606979 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Nov 20, 2024 21:05:34.401897907 CET | 297 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Wed, 20 Nov 2024 17:33:57 GMT
Age: 9097
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 21:05:39.226524115 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:39.542205095 CET297INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                            Date: Wed, 20 Nov 2024 17:33:57 GMT
                                                                                                                                                                                                                                                                                                                                                            Age: 9102
                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:40.865793943 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.180278063 CET297INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                            Date: Wed, 20 Nov 2024 17:33:57 GMT
                                                                                                                                                                                                                                                                                                                                                            Age: 9104
                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.209177017 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.527535915 CET297INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                            Date: Wed, 20 Nov 2024 17:33:57 GMT
                                                                                                                                                                                                                                                                                                                                                            Age: 9104
                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.430619955 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:42.749871016 CET297INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                            Date: Wed, 20 Nov 2024 17:33:57 GMT
                                                                                                                                                                                                                                                                                                                                                            Age: 9105
                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 21:05:52.757285118 CET | 6 | OUT | Data Raw: 00
    Data Ascii:
Nov 20, 2024 21:05:54.266622066 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Nov 20, 2024 21:05:54.585333109 CET | 297 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Wed, 20 Nov 2024 17:33:57 GMT
    Age: 9117
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 21:06:00.712083101 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Nov 20, 2024 21:06:01.027924061 CET | 297 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Wed, 20 Nov 2024 17:33:57 GMT
    Age: 9123
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 21:06:11.030571938 CET | 6 | OUT | Data Raw: 00
    Data Ascii:
Nov 20, 2024 21:06:11.184788942 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Nov 20, 2024 21:06:11.500462055 CET | 297 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Wed, 20 Nov 2024 17:33:57 GMT
    Age: 9134
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 21:06:12.458921909 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Nov 20, 2024 21:06:12.777214050 CET | 297 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Wed, 20 Nov 2024 17:33:57 GMT
    Age: 9135
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 20, 2024 21:06:22.784323931 CET | 6 | OUT | Data Raw: 00
    Data Ascii:
Nov 20, 2024 21:06:32.904375076 CET | 6 | OUT | Data Raw: 00
    Data Ascii:
Nov 20, 2024 21:06:42.856348038 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:43.171022892 CET297INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                            Date: Wed, 20 Nov 2024 17:33:57 GMT
                                                                                                                                                                                                                                                                                                                                                            Age: 9166
                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:53.185051918 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:07:03.314865112 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:07:13.434986115 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                            Data Ascii:


                                                                                                                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                            3192.168.2.64975234.107.221.82802864C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.601535082 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache


                                                                                                                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                            4192.168.2.64975434.107.221.82802864C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:16.949875116 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:18.103053093 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                            Date: Wed, 20 Nov 2024 08:23:05 GMT
                                                                                                                                                                                                                                                                                                                                                            Age: 42132
                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:19.939318895 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:20.263608932 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                            Date: Wed, 20 Nov 2024 08:23:05 GMT
                                                                                                                                                                                                                                                                                                                                                            Age: 42135
                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:25.372579098 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 21:05:25.698132038 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:23:05 GMT
Age: 42140
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 21:05:26.233845949 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 21:05:26.567281008 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:23:05 GMT
Age: 42141
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 21:05:28.714482069 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 21:05:29.040213108 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:23:05 GMT
Age: 42143
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 21:05:31.871823072 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 21:05:32.195650101 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:23:05 GMT
Age: 42147
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 21:05:33.173937082 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 21:05:33.497692108 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:23:05 GMT
Age: 42148
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 21:05:34.405798912 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:34.729885101 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                            Date: Wed, 20 Nov 2024 08:23:05 GMT
                                                                                                                                                                                                                                                                                                                                                            Age: 42149
                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:39.558235884 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:40.091269016 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                            Date: Wed, 20 Nov 2024 08:23:05 GMT
                                                                                                                                                                                                                                                                                                                                                            Age: 42154
                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.183949947 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.508994102 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                            Date: Wed, 20 Nov 2024 08:23:05 GMT
                                                                                                                                                                                                                                                                                                                                                            Age: 42156
                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.530318022 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:05:41.856627941 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                            Date: Wed, 20 Nov 2024 08:23:05 GMT
                                                                                                                                                                                                                                                                                                                                                            Age: 42156
                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
Nov 20, 2024 21:05:42.753381014 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 21:05:43.078625917 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:23:05 GMT
Age: 42157
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 21:05:53.089374065 CET  6  OUT  Data Raw: 00
Data Ascii:
Nov 20, 2024 21:05:54.591850996 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 21:05:54.916223049 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:23:05 GMT
Age: 42169
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 21:06:01.031363010 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 21:06:01.356080055 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:23:05 GMT
Age: 42176
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 21:06:11.362728119 CET  6  OUT  Data Raw: 00
Data Ascii:
Nov 20, 2024 21:06:11.504544973 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 21:06:11.828557014 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:23:05 GMT
Age: 42186
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Nov 20, 2024 21:06:12.780183077 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Nov 20, 2024 21:06:13.104496002 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Wed, 20 Nov 2024 08:23:05 GMT
Age: 42187
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:23.116425991 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:33.243030071 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:43.175271034 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:43.505592108 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                            Date: Wed, 20 Nov 2024 08:23:05 GMT
                                                                                                                                                                                                                                                                                                                                                            Age: 42218
                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:06:53.517174959 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:07:03.647095919 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                                                                                                                            Nov 20, 2024 21:07:13.767127037 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                            Data Ascii:

Target ID:0
Start time:15:05:03
Start date:20/11/2024
Path:C:\Users\user\Desktop\file.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\file.exe"
Imagebase:0x220000
File size:922'624 bytes
MD5 hash:F8C0EBDFD99EEE53899E32D8E4AED988
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:1
Start time:15:05:03
Start date:20/11/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM firefox.exe /T
Imagebase:0x190000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:2
Start time:15:05:03
Start date:20/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:15:05:06
Start date:20/11/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM chrome.exe /T
Imagebase:0x190000
File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                                                            Target ID:5
                                                                                                                                                                                                                                                                                                                                                            Start time:15:05:06
                                                                                                                                                                                                                                                                                                                                                            Start date:20/11/2024
                                                                                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                                                            Target ID:6
                                                                                                                                                                                                                                                                                                                                                            Start time:15:05:06
                                                                                                                                                                                                                                                                                                                                                            Start date:20/11/2024
                                                                                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                            Commandline:taskkill /F /IM msedge.exe /T
                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x190000
                                                                                                                                                                                                                                                                                                                                                            File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                                                            Target ID:7
                                                                                                                                                                                                                                                                                                                                                            Start time:15:05:06
                                                                                                                                                                                                                                                                                                                                                            Start date:20/11/2024
                                                                                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                                                            Target ID:8
                                                                                                                                                                                                                                                                                                                                                            Start time:15:05:06
                                                                                                                                                                                                                                                                                                                                                            Start date:20/11/2024
                                                                                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                            Commandline:taskkill /F /IM opera.exe /T
                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x190000
                                                                                                                                                                                                                                                                                                                                                            File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                                                            Target ID:9
                                                                                                                                                                                                                                                                                                                                                            Start time:15:05:06
                                                                                                                                                                                                                                                                                                                                                            Start date:20/11/2024
                                                                                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:15:05:07
Start date:20/11/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM brave.exe /T
Imagebase:0x190000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:15:05:07
Start date:20/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:15:05:07
Start date:20/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:13
Start time:15:05:07
Start date:20/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:14
Start time:15:05:07
Start date:20/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:16
Start time:15:05:08
Start date:20/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2288 -parentBuildID 20230927232528 -prefsHandle 2232 -prefMapHandle 2228 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b5bf9b5-84ac-4044-9d68-cc7a2e284fb2} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 16333270f10 socket
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:17
Start time:15:05:09
Start date:20/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4088 -parentBuildID 20230927232528 -prefsHandle 4080 -prefMapHandle 4076 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf227e4f-5dc3-43be-85a4-53f86739f9d1} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 163459df510 rdd
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                            Has exited:false

Target ID:18
Start time:15:05:13
Start date:20/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4992 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4684 -prefMapHandle 4880 -prefsLen 33076 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a32dfac-dcd2-4e81-916d-59d797ae6bfc} 2864 "\\.\pipe\gecko-crash-server-pipe.2864" 163451c5f10 utility
Imagebase:0x7ff728280000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Execution Graph

Execution Coverage:2%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:6.7%
Total number of Nodes:1557
Total number of Limit Nodes:53
execution_graph: raw node/edge token dump of the interactive graph. Each node is written as a 5-digit node id, a code address in the 0x221xxx to 0x293xxx range, and either the Win32 APIs called at that node or a summary such as "22 API calls" or "2 library calls"; edges are written as src->dst. Win32 APIs named on graph nodes, grouped:

File and path: GetOpenFileNameW, GetLongPathNameW, GetFullPathNameW, GetModuleFileNameW, SetCurrentDirectoryW, CreateFileW, GetFileType, FindClose
Library and resource loading: LoadLibraryA, LoadLibraryExW, GetProcAddress, FreeLibrary, FindResourceExW, LoadResource, SizeofResource, LockResource, CreateStreamOnHGlobal
Process, thread and handles: GetCurrentProcess, DuplicateHandle, CreateThread, CloseHandle, WaitForSingleObject, GetStdHandle, VirtualFree, VirtualFreeEx
Synchronisation: InitializeCriticalSectionAndSpinCount, EnterCriticalSection, LeaveCriticalSection, InterlockedExchange, SetEvent, ResetEvent
Heap and error handling: RtlAllocateHeap, RtlFreeHeap, GetLastError, RaiseException
Window, shell and tray: CreateWindowExW, ShowWindow, DestroyWindow, GetForegroundWindow, ShellExecuteW, Shell_NotifyIconW, LoadStringW, DestroyIcon, RegisterWindowMessageW, UnregisterHotKey, mciSendStringW
COM and WinINet: OleInitialize, CoUninitialize, InternetCloseHandle

C runtime symbols labelled on nodes (statically linked CRT): __wsopen_s, __fread_nolock, _wcslen, ___std_exception_copy, ___scrt_fastfail, _strftime, _abort, __dosmaperr, _free, CallCatchBlock, __Init_thread_wait, __onexit, try_get_first_available_module
95258->95205 95260 2603d7 95259->95260 95261 2603f2 95260->95261 95272 24f2d9 20 API calls _abort 95260->95272 95261->95221 95263 260416 95273 2527ec 26 API calls _strftime 95263->95273 95265 260421 95265->95221 95266->95217 95267->95219 95268->95225 95269->95220 95270->95224 95271->95230 95272->95263 95273->95265 95274->95236 95286 252fa6 LeaveCriticalSection 95275->95286 95277 255331 95277->95238 95279 254c7d pair 20 API calls 95278->95279 95280 255012 95279->95280 95284 25501f 95280->95284 95287 253405 11 API calls 2 library calls 95280->95287 95281 2529c8 _free 20 API calls 95283 255071 95281->95283 95283->95234 95285 255147 EnterCriticalSection 95283->95285 95284->95281 95285->95234 95286->95277 95287->95280 95288 272a00 95304 22d7b0 ISource 95288->95304 95289 22db11 PeekMessageW 95289->95304 95290 22d807 GetInputState 95290->95289 95290->95304 95291 271cbe TranslateAcceleratorW 95291->95304 95293 22db8f PeekMessageW 95293->95304 95294 22da04 timeGetTime 95294->95304 95295 22db73 TranslateMessage DispatchMessageW 95295->95293 95296 22dbaf Sleep 95296->95304 95297 272b74 Sleep 95307 272a51 95297->95307 95299 271dda timeGetTime 95449 23e300 23 API calls 95299->95449 95303 272c0b GetExitCodeProcess 95305 272c37 CloseHandle 95303->95305 95306 272c21 WaitForSingleObject 95303->95306 95304->95289 95304->95290 95304->95291 95304->95293 95304->95294 95304->95295 95304->95296 95304->95297 95304->95299 95304->95307 95308 22d9d5 95304->95308 95320 22dd50 95304->95320 95327 231310 95304->95327 95384 22bf40 95304->95384 95442 23edf6 95304->95442 95447 22dfd0 348 API calls 3 library calls 95304->95447 95448 23e551 timeGetTime 95304->95448 95450 293a2a 23 API calls 95304->95450 95451 22ec40 95304->95451 95475 29359c 82 API calls __wsopen_s 95304->95475 95305->95307 95306->95304 95306->95305 95307->95303 95307->95304 95307->95308 95309 2b29bf GetForegroundWindow 95307->95309 95311 272ca9 Sleep 95307->95311 95476 2a5658 23 API calls 95307->95476 95477 28e97b 
QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 95307->95477 95478 23e551 timeGetTime 95307->95478 95479 28d4dc CreateToolhelp32Snapshot Process32FirstW 95307->95479 95309->95307 95311->95304 95321 22dd83 95320->95321 95322 22dd6f 95320->95322 95521 29359c 82 API calls __wsopen_s 95321->95521 95489 22d260 95322->95489 95324 22dd7a 95324->95304 95326 272f75 95326->95326 95328 2317b0 95327->95328 95329 231376 95327->95329 95560 240242 5 API calls __Init_thread_wait 95328->95560 95330 231390 95329->95330 95331 276331 95329->95331 95333 231940 9 API calls 95330->95333 95574 2a709c 348 API calls 95331->95574 95336 2313a0 95333->95336 95335 2317ba 95338 2317fb 95335->95338 95340 229cb3 22 API calls 95335->95340 95339 231940 9 API calls 95336->95339 95337 27633d 95337->95304 95342 276346 95338->95342 95344 23182c 95338->95344 95341 2313b6 95339->95341 95347 2317d4 95340->95347 95341->95338 95343 2313ec 95341->95343 95575 29359c 82 API calls __wsopen_s 95342->95575 95343->95342 95367 231408 __fread_nolock 95343->95367 95562 22aceb 95344->95562 95561 2401f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95347->95561 95348 231839 95572 23d217 348 API calls 95348->95572 95350 27636e 95576 29359c 82 API calls __wsopen_s 95350->95576 95352 23152f 95354 2763d1 95352->95354 95355 23153c 95352->95355 95578 2a5745 54 API calls _wcslen 95354->95578 95357 231940 9 API calls 95355->95357 95358 231549 95357->95358 95362 2764fa 95358->95362 95364 231940 9 API calls 95358->95364 95359 23fddb 22 API calls 95359->95367 95360 231872 95573 23faeb 23 API calls 95360->95573 95361 23fe0b 22 API calls 95361->95367 95371 276369 95362->95371 95580 29359c 82 API calls __wsopen_s 95362->95580 95369 231563 95364->95369 95366 22ec40 348 API calls 95366->95367 95367->95348 95367->95350 95367->95352 95367->95359 95367->95361 95367->95366 95368 2763b2 95367->95368 95367->95371 95577 29359c 82 API calls __wsopen_s 95368->95577 95369->95362 95374 2315c7 
ISource 95369->95374 95579 22a8c7 22 API calls __fread_nolock 95369->95579 95371->95304 95373 231940 9 API calls 95373->95374 95374->95360 95374->95362 95374->95371 95374->95373 95377 23167b ISource 95374->95377 95531 295c5a 95374->95531 95536 2aa2ea 95374->95536 95541 2b1591 95374->95541 95544 23f645 95374->95544 95551 2aab67 95374->95551 95554 2aabf7 95374->95554 95375 23171d 95375->95304 95377->95375 95559 23ce17 22 API calls ISource 95377->95559 95754 22adf0 95384->95754 95386 22bf9d 95387 2704b6 95386->95387 95388 22bfa9 95386->95388 95772 29359c 82 API calls __wsopen_s 95387->95772 95390 2704c6 95388->95390 95391 22c01e 95388->95391 95773 29359c 82 API calls __wsopen_s 95390->95773 95759 22ac91 95391->95759 95394 2704f5 95412 27055a 95394->95412 95774 23d217 348 API calls 95394->95774 95396 287120 22 API calls 95404 22c039 ISource __fread_nolock 95396->95404 95397 22c7da 95400 23fe0b 22 API calls 95397->95400 95405 22c808 __fread_nolock 95400->95405 95404->95394 95404->95396 95404->95397 95404->95405 95407 22af8a 22 API calls 95404->95407 95408 27091a 95404->95408 95409 23fddb 22 API calls 95404->95409 95404->95412 95413 22ec40 348 API calls 95404->95413 95414 2708a5 95404->95414 95418 270591 95404->95418 95419 2708f6 95404->95419 95424 22c237 95404->95424 95425 22aceb 23 API calls 95404->95425 95427 23fe0b 22 API calls 95404->95427 95429 22c603 95404->95429 95435 2709bf 95404->95435 95438 22bbe0 40 API calls 95404->95438 95763 22ad81 95404->95763 95777 287099 22 API calls __fread_nolock 95404->95777 95778 2a5745 54 API calls _wcslen 95404->95778 95779 23aa42 22 API calls ISource 95404->95779 95780 28f05c 40 API calls 95404->95780 95781 22a993 41 API calls 95404->95781 95406 23fe0b 22 API calls 95405->95406 95440 22c350 ISource __fread_nolock 95406->95440 95407->95404 95784 293209 23 API calls 95408->95784 95409->95404 95412->95429 95775 29359c 82 API calls __wsopen_s 95412->95775 95413->95404 95415 22ec40 348 API calls 95414->95415 95416 2708cf 95415->95416 
95416->95429 95782 22a81b 41 API calls 95416->95782 95776 29359c 82 API calls __wsopen_s 95418->95776 95783 29359c 82 API calls __wsopen_s 95419->95783 95426 22c253 95424->95426 95785 22a8c7 22 API calls __fread_nolock 95424->95785 95425->95404 95430 270976 95426->95430 95433 22c297 ISource 95426->95433 95427->95404 95429->95304 95432 22aceb 23 API calls 95430->95432 95432->95435 95434 22aceb 23 API calls 95433->95434 95433->95435 95436 22c335 95434->95436 95435->95429 95786 29359c 82 API calls __wsopen_s 95435->95786 95436->95435 95437 22c342 95436->95437 95770 22a704 22 API calls ISource 95437->95770 95438->95404 95441 22c3ac 95440->95441 95771 23ce17 22 API calls ISource 95440->95771 95441->95304 95444 23ee09 95442->95444 95446 23ee12 95442->95446 95443 23ee36 IsDialogMessageW 95443->95444 95443->95446 95444->95304 95445 27efaf GetClassLongW 95445->95443 95445->95446 95446->95443 95446->95444 95446->95445 95447->95304 95448->95304 95449->95304 95450->95304 95471 22ec76 ISource 95451->95471 95452 23fddb 22 API calls 95452->95471 95453 2401f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 95453->95471 95454 22fef7 95468 22ed9d ISource 95454->95468 95799 22a8c7 22 API calls __fread_nolock 95454->95799 95457 274600 95457->95468 95798 22a8c7 22 API calls __fread_nolock 95457->95798 95458 274b0b 95801 29359c 82 API calls __wsopen_s 95458->95801 95459 22a8c7 22 API calls 95459->95471 95465 240242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95465->95471 95466 22fbe3 95466->95468 95469 274bdc 95466->95469 95474 22f3ae ISource 95466->95474 95467 22a961 22 API calls 95467->95471 95468->95304 95802 29359c 82 API calls __wsopen_s 95469->95802 95471->95452 95471->95453 95471->95454 95471->95457 95471->95458 95471->95459 95471->95465 95471->95466 95471->95467 95471->95468 95472 2400a3 29 API calls pre_c_initialization 95471->95472 95473 274beb 95471->95473 95471->95474 95796 
2301e0 348 API calls 2 library calls 95471->95796 95797 2306a0 41 API calls ISource 95471->95797 95472->95471 95803 29359c 82 API calls __wsopen_s 95473->95803 95474->95468 95800 29359c 82 API calls __wsopen_s 95474->95800 95475->95304 95476->95307 95477->95307 95478->95307 95804 28def7 95479->95804 95481 28d529 Process32NextW 95482 28d5db CloseHandle 95481->95482 95484 28d522 95481->95484 95482->95307 95483 22a961 22 API calls 95483->95484 95484->95481 95484->95482 95484->95483 95485 229cb3 22 API calls 95484->95485 95810 22525f 22 API calls 95484->95810 95811 226350 22 API calls 95484->95811 95812 23ce60 41 API calls 95484->95812 95485->95484 95490 22ec40 348 API calls 95489->95490 95509 22d29d 95490->95509 95491 271bc4 95530 29359c 82 API calls __wsopen_s 95491->95530 95493 22d30b ISource 95493->95324 95494 22d6d5 95494->95493 95502 23fe0b 22 API calls 95494->95502 95495 22d3c3 95495->95494 95497 22d3ce 95495->95497 95496 22d5ff 95499 271bb5 95496->95499 95500 22d614 95496->95500 95498 23fddb 22 API calls 95497->95498 95503 22d3d5 __fread_nolock 95498->95503 95529 2a5705 23 API calls 95499->95529 95505 23fddb 22 API calls 95500->95505 95501 22d4b8 95507 23fe0b 22 API calls 95501->95507 95502->95503 95511 23fddb 22 API calls 95503->95511 95512 22d3f6 95503->95512 95508 22d46a 95505->95508 95506 23fddb 22 API calls 95506->95509 95510 22d429 ISource __fread_nolock 95507->95510 95508->95324 95509->95491 95509->95493 95509->95494 95509->95495 95509->95501 95509->95506 95509->95510 95510->95496 95510->95508 95514 271ba4 95510->95514 95517 271b7f 95510->95517 95519 271b5d 95510->95519 95523 221f6f 95510->95523 95511->95512 95512->95510 95522 22bec0 348 API calls 95512->95522 95528 29359c 82 API calls __wsopen_s 95514->95528 95527 29359c 82 API calls __wsopen_s 95517->95527 95526 29359c 82 API calls __wsopen_s 95519->95526 95521->95326 95522->95510 95524 22ec40 348 API calls 95523->95524 95525 221f98 95524->95525 95525->95510 95526->95508 95527->95508 95528->95508 
95529->95491 95530->95493 95581 227510 95531->95581 95535 295c77 95535->95374 95537 227510 53 API calls 95536->95537 95538 2aa306 95537->95538 95539 28d4dc 47 API calls 95538->95539 95540 2aa315 95539->95540 95540->95374 95613 2b2ad8 95541->95613 95543 2b159f 95543->95374 95624 22b567 95544->95624 95546 23f659 95547 23f661 timeGetTime 95546->95547 95548 27f2dc Sleep 95546->95548 95549 22b567 39 API calls 95547->95549 95550 23f677 95549->95550 95550->95374 95630 2aaff9 95551->95630 95555 2aaff9 217 API calls 95554->95555 95557 2aac0c 95555->95557 95556 2aac54 95556->95374 95557->95556 95558 22aceb 23 API calls 95557->95558 95558->95556 95559->95377 95560->95335 95561->95338 95563 22acf9 95562->95563 95566 22ad2a ISource 95562->95566 95564 22ad55 95563->95564 95565 22ad01 ISource 95563->95565 95564->95566 95752 22a8c7 22 API calls __fread_nolock 95564->95752 95565->95566 95568 22ad21 95565->95568 95569 26fa48 95565->95569 95566->95348 95568->95566 95570 26fa3a VariantClear 95568->95570 95569->95566 95753 23ce17 22 API calls ISource 95569->95753 95570->95566 95572->95360 95573->95360 95574->95337 95575->95371 95576->95371 95577->95371 95578->95369 95579->95374 95580->95371 95582 227525 95581->95582 95598 227522 95581->95598 95583 22752d 95582->95583 95585 22755b 95582->95585 95609 2451c6 26 API calls 95583->95609 95586 2650f6 95585->95586 95587 22756d 95585->95587 95594 26500f 95585->95594 95612 245183 26 API calls 95586->95612 95610 23fb21 51 API calls 95587->95610 95588 22753d 95593 23fddb 22 API calls 95588->95593 95591 26510e 95591->95591 95595 227547 95593->95595 95597 23fe0b 22 API calls 95594->95597 95603 265088 95594->95603 95596 229cb3 22 API calls 95595->95596 95596->95598 95600 265058 95597->95600 95604 28dbbe lstrlenW 95598->95604 95599 23fddb 22 API calls 95601 26507f 95599->95601 95600->95599 95602 229cb3 22 API calls 95601->95602 95602->95603 95611 23fb21 51 API calls 95603->95611 95605 28dbdc GetFileAttributesW 95604->95605 95606 28dc06 95604->95606 
95605->95606 95607 28dbe8 FindFirstFileW 95605->95607 95606->95535 95607->95606 95608 28dbf9 FindClose 95607->95608 95608->95606 95609->95588 95610->95588 95611->95586 95612->95591 95614 22aceb 23 API calls 95613->95614 95615 2b2af3 95614->95615 95616 2b2aff 95615->95616 95617 2b2b1d 95615->95617 95618 227510 53 API calls 95616->95618 95619 226b57 22 API calls 95617->95619 95620 2b2b0c 95618->95620 95621 2b2b1b 95619->95621 95620->95621 95623 22a8c7 22 API calls __fread_nolock 95620->95623 95621->95543 95623->95621 95625 22b578 95624->95625 95626 22b57f 95624->95626 95625->95626 95629 2462d1 39 API calls _strftime 95625->95629 95626->95546 95628 22b5c2 95628->95546 95629->95628 95631 2ab01d ___scrt_fastfail 95630->95631 95632 2ab058 95631->95632 95633 2ab094 95631->95633 95634 22b567 39 API calls 95632->95634 95637 22b567 39 API calls 95633->95637 95638 2ab08b 95633->95638 95635 2ab063 95634->95635 95635->95638 95641 22b567 39 API calls 95635->95641 95636 2ab0ed 95639 227510 53 API calls 95636->95639 95640 2ab0a5 95637->95640 95638->95636 95642 22b567 39 API calls 95638->95642 95643 2ab10b 95639->95643 95644 22b567 39 API calls 95640->95644 95645 2ab078 95641->95645 95642->95636 95721 227620 95643->95721 95644->95638 95647 22b567 39 API calls 95645->95647 95647->95638 95648 2ab115 95649 2ab1d8 95648->95649 95650 2ab11f 95648->95650 95651 2ab20a GetCurrentDirectoryW 95649->95651 95655 227510 53 API calls 95649->95655 95652 227510 53 API calls 95650->95652 95653 23fe0b 22 API calls 95651->95653 95654 2ab130 95652->95654 95656 2ab22f GetCurrentDirectoryW 95653->95656 95657 227620 22 API calls 95654->95657 95658 2ab1ef 95655->95658 95659 2ab23c 95656->95659 95660 2ab13a 95657->95660 95661 227620 22 API calls 95658->95661 95664 2ab275 95659->95664 95728 229c6e 22 API calls 95659->95728 95662 227510 53 API calls 95660->95662 95663 2ab1f9 _wcslen 95661->95663 95665 2ab14b 95662->95665 95663->95651 95663->95664 95672 2ab28b 95664->95672 95673 2ab287 95664->95673 95667 
227620 22 API calls 95665->95667 95669 2ab155 95667->95669 95668 2ab255 95729 229c6e 22 API calls 95668->95729 95671 227510 53 API calls 95669->95671 95675 2ab166 95671->95675 95731 2907c0 10 API calls 95672->95731 95678 2ab39a CreateProcessW 95673->95678 95679 2ab2f8 95673->95679 95674 2ab265 95730 229c6e 22 API calls 95674->95730 95681 227620 22 API calls 95675->95681 95677 2ab294 95732 2906e6 10 API calls 95677->95732 95686 2ab32f _wcslen 95678->95686 95734 2811c8 39 API calls 95679->95734 95684 2ab170 95681->95684 95688 2ab1a6 GetSystemDirectoryW 95684->95688 95693 227510 53 API calls 95684->95693 95685 2ab2aa 95733 2905a7 8 API calls 95685->95733 95701 2ab42f CloseHandle 95686->95701 95702 2ab3d6 GetLastError 95686->95702 95687 2ab2fd 95691 2ab32a 95687->95691 95692 2ab323 95687->95692 95690 23fe0b 22 API calls 95688->95690 95695 2ab1cb GetSystemDirectoryW 95690->95695 95736 2814ce 6 API calls 95691->95736 95735 281201 128 API calls 2 library calls 95692->95735 95697 2ab187 95693->95697 95694 2ab2d0 95694->95673 95695->95659 95700 227620 22 API calls 95697->95700 95699 2ab328 95699->95686 95703 2ab191 _wcslen 95700->95703 95704 2ab43f 95701->95704 95712 2ab49a 95701->95712 95711 2ab41a 95702->95711 95703->95659 95703->95688 95705 2ab451 95704->95705 95706 2ab446 CloseHandle 95704->95706 95708 2ab458 CloseHandle 95705->95708 95709 2ab463 95705->95709 95706->95705 95708->95709 95713 2ab46a CloseHandle 95709->95713 95714 2ab475 95709->95714 95710 2ab4a6 95710->95711 95725 290175 95711->95725 95712->95710 95717 2ab4d2 CloseHandle 95712->95717 95713->95714 95737 2909d9 34 API calls 95714->95737 95717->95711 95719 2ab486 95738 2ab536 25 API calls 95719->95738 95722 22762a _wcslen 95721->95722 95723 23fe0b 22 API calls 95722->95723 95724 22763f 95723->95724 95724->95648 95739 29030f 95725->95739 95728->95668 95729->95674 95730->95664 95731->95677 95732->95685 95733->95694 95734->95687 95735->95699 95736->95686 95737->95719 95738->95712 95740 290329 95739->95740 95741 
290321 CloseHandle 95739->95741 95742 29032e CloseHandle 95740->95742 95743 290336 95740->95743 95741->95740 95742->95743 95744 29033b CloseHandle 95743->95744 95745 290343 95743->95745 95744->95745 95746 290348 CloseHandle 95745->95746 95747 290350 95745->95747 95746->95747 95748 29035d 95747->95748 95749 290355 CloseHandle 95747->95749 95750 29017d 95748->95750 95751 290362 CloseHandle 95748->95751 95749->95748 95750->95374 95751->95750 95752->95566 95753->95566 95755 22ae01 95754->95755 95758 22ae1c ISource 95754->95758 95756 22aec9 22 API calls 95755->95756 95757 22ae09 CharUpperBuffW 95756->95757 95757->95758 95758->95386 95761 22acae 95759->95761 95760 22acd1 95760->95404 95761->95760 95787 29359c 82 API calls __wsopen_s 95761->95787 95764 22ad92 95763->95764 95765 26fadb 95763->95765 95766 23fddb 22 API calls 95764->95766 95767 22ad99 95766->95767 95788 22adcd 95767->95788 95770->95440 95771->95440 95772->95390 95773->95429 95774->95412 95775->95429 95776->95429 95777->95404 95778->95404 95779->95404 95780->95404 95781->95404 95782->95419 95783->95429 95784->95424 95785->95426 95786->95429 95787->95760 95791 22addd 95788->95791 95789 22adb6 95789->95404 95790 23fddb 22 API calls 95790->95791 95791->95789 95791->95790 95792 22a961 22 API calls 95791->95792 95794 22adcd 22 API calls 95791->95794 95795 22a8c7 22 API calls __fread_nolock 95791->95795 95792->95791 95794->95791 95795->95791 95796->95471 95797->95471 95798->95468 95799->95468 95800->95468 95801->95468 95802->95473 95803->95468 95805 28df02 95804->95805 95806 28df19 95805->95806 95809 28df1f 95805->95809 95813 2463b2 GetStringTypeW _strftime 95805->95813 95814 2462fb 39 API calls _strftime 95806->95814 95809->95484 95810->95484 95811->95484 95812->95484 95813->95805 95814->95809 95815 221cad SystemParametersInfoW 95816 221033 95821 224c91 95816->95821 95820 221042 95822 22a961 22 API calls 95821->95822 95823 224cff 95822->95823 95829 223af0 95823->95829 95826 224d9c 95827 221038 95826->95827 95832 
2251f7 22 API calls __fread_nolock 95826->95832 95828 2400a3 29 API calls __onexit 95827->95828 95828->95820 95833 223b1c 95829->95833 95832->95826 95834 223b0f 95833->95834 95835 223b29 95833->95835 95834->95826 95835->95834 95836 223b30 RegOpenKeyExW 95835->95836 95836->95834 95837 223b4a RegQueryValueExW 95836->95837 95838 223b80 RegCloseKey 95837->95838 95839 223b6b 95837->95839 95838->95834 95839->95838 95840 273f75 95851 23ceb1 95840->95851 95842 273f8b 95843 274006 95842->95843 95860 23e300 23 API calls 95842->95860 95845 22bf40 348 API calls 95843->95845 95848 274052 95845->95848 95847 273fe6 95847->95848 95861 291abf 22 API calls 95847->95861 95850 274a88 95848->95850 95862 29359c 82 API calls __wsopen_s 95848->95862 95852 23ced2 95851->95852 95853 23cebf 95851->95853 95855 23ced7 95852->95855 95856 23cf05 95852->95856 95854 22aceb 23 API calls 95853->95854 95859 23cec9 95854->95859 95857 23fddb 22 API calls 95855->95857 95858 22aceb 23 API calls 95856->95858 95857->95859 95858->95859 95859->95842 95860->95847 95861->95843 95862->95850 95863 223156 95866 223170 95863->95866 95867 223187 95866->95867 95868 2231eb 95867->95868 95869 22318c 95867->95869 95906 2231e9 95867->95906 95871 2231f1 95868->95871 95872 262dfb 95868->95872 95873 223265 PostQuitMessage 95869->95873 95874 223199 95869->95874 95870 2231d0 DefWindowProcW 95898 22316a 95870->95898 95875 2231f8 95871->95875 95876 22321d SetTimer RegisterWindowMessageW 95871->95876 95921 2218e2 10 API calls 95872->95921 95873->95898 95878 2231a4 95874->95878 95879 262e7c 95874->95879 95880 223201 KillTimer 95875->95880 95881 262d9c 95875->95881 95883 223246 CreatePopupMenu 95876->95883 95876->95898 95884 2231ae 95878->95884 95885 262e68 95878->95885 95924 28bf30 34 API calls ___scrt_fastfail 95879->95924 95889 2230f2 Shell_NotifyIconW 95880->95889 95887 262dd7 MoveWindow 95881->95887 95888 262da1 95881->95888 95882 262e1c 95922 23e499 42 API calls 95882->95922 95883->95898 95892 262e4d 95884->95892 95893 
2231b9 95884->95893 95911 28c161 95885->95911 95887->95898 95895 262dc6 SetFocus 95888->95895 95896 262da7 95888->95896 95897 223214 95889->95897 95892->95870 95923 280ad7 22 API calls 95892->95923 95899 2231c4 95893->95899 95900 223253 95893->95900 95894 262e8e 95894->95870 95894->95898 95895->95898 95896->95899 95901 262db0 95896->95901 95918 223c50 DeleteObject DestroyWindow 95897->95918 95899->95870 95908 2230f2 Shell_NotifyIconW 95899->95908 95919 22326f 44 API calls ___scrt_fastfail 95900->95919 95920 2218e2 10 API calls 95901->95920 95906->95870 95907 223263 95907->95898 95909 262e41 95908->95909 95910 223837 49 API calls 95909->95910 95910->95906 95912 28c179 ___scrt_fastfail 95911->95912 95913 28c276 95911->95913 95914 223923 24 API calls 95912->95914 95913->95898 95916 28c1a0 95914->95916 95915 28c25f KillTimer SetTimer 95915->95913 95916->95915 95917 28c251 Shell_NotifyIconW 95916->95917 95917->95915 95918->95898 95919->95907 95920->95898 95921->95882 95922->95899 95923->95906 95924->95894 95925 222e37 95926 22a961 22 API calls 95925->95926 95927 222e4d 95926->95927 96004 224ae3 95927->96004 95929 222e6b 95930 223a5a 24 API calls 95929->95930 95931 222e7f 95930->95931 95932 229cb3 22 API calls 95931->95932 95933 222e8c 95932->95933 95934 224ecb 94 API calls 95933->95934 95935 222ea5 95934->95935 95936 262cb0 95935->95936 95937 222ead 95935->95937 95938 292cf9 80 API calls 95936->95938 96018 22a8c7 22 API calls __fread_nolock 95937->96018 95939 262cc3 95938->95939 95941 262ccf 95939->95941 95942 224f39 68 API calls 95939->95942 95945 224f39 68 API calls 95941->95945 95942->95941 95943 222ec3 96019 226f88 22 API calls 95943->96019 95947 262ce5 95945->95947 95946 222ecf 95948 229cb3 22 API calls 95946->95948 96036 223084 22 API calls 95947->96036 95949 222edc 95948->95949 96020 22a81b 41 API calls 95949->96020 95952 222eec 95954 229cb3 22 API calls 95952->95954 95953 262d02 96037 223084 22 API calls 95953->96037 95955 222f12 95954->95955 96021 22a81b 41 API 
calls 95955->96021 95958 262d1e 95959 223a5a 24 API calls 95958->95959 95960 262d44 95959->95960 96038 223084 22 API calls 95960->96038 95961 222f21 95964 22a961 22 API calls 95961->95964 95963 262d50 96039 22a8c7 22 API calls __fread_nolock 95963->96039 95966 222f3f 95964->95966 96022 223084 22 API calls 95966->96022 95967 262d5e 96040 223084 22 API calls 95967->96040 95970 222f4b 96023 244a28 40 API calls 2 library calls 95970->96023 95971 262d6d 96041 22a8c7 22 API calls __fread_nolock 95971->96041 95973 222f59 95973->95947 95974 222f63 95973->95974 96024 244a28 40 API calls 2 library calls 95974->96024 95977 222f6e 95977->95953 95979 222f78 95977->95979 95978 262d83 96042 223084 22 API calls 95978->96042 96025 244a28 40 API calls 2 library calls 95979->96025 95982 262d90 95983 222f83 95983->95958 95984 222f8d 95983->95984 96026 244a28 40 API calls 2 library calls 95984->96026 95986 222f98 95987 222fdc 95986->95987 96027 223084 22 API calls 95986->96027 95987->95971 95988 222fe8 95987->95988 95988->95982 96030 2263eb 22 API calls 95988->96030 95991 222fbf 96028 22a8c7 22 API calls __fread_nolock 95991->96028 95992 222ff8 96031 226a50 22 API calls 95992->96031 95995 222fcd 96029 223084 22 API calls 95995->96029 95997 223006 96032 2270b0 23 API calls 95997->96032 96001 223021 96002 223065 96001->96002 96033 226f88 22 API calls 96001->96033 96034 2270b0 23 API calls 96001->96034 96035 223084 22 API calls 96001->96035 96005 224af0 __wsopen_s 96004->96005 96006 226b57 22 API calls 96005->96006 96007 224b22 96005->96007 96006->96007 96017 224b58 96007->96017 96043 224c6d 96007->96043 96009 229cb3 22 API calls 96011 224c52 96009->96011 96010 229cb3 22 API calls 96010->96017 96012 22515f 22 API calls 96011->96012 96015 224c5e 96012->96015 96013 224c6d 22 API calls 96013->96017 96014 22515f 22 API calls 96014->96017 96015->95929 96016 224c29 96016->96009 96016->96015 96017->96010 96017->96013 96017->96014 96017->96016 96018->95943 96019->95946 96020->95952 96021->95961 
96022->95970 96023->95973 96024->95977 96025->95983 96026->95986 96027->95991 96028->95995 96029->95987 96030->95992 96031->95997 96032->96001 96033->96001 96034->96001 96035->96001 96036->95953 96037->95958 96038->95963 96039->95967 96040->95971 96041->95978 96042->95982 96044 22aec9 22 API calls 96043->96044 96045 224c78 96044->96045 96045->96007 96046 22105b 96051 22344d 96046->96051 96048 22106a 96082 2400a3 29 API calls __onexit 96048->96082 96050 221074 96052 22345d __wsopen_s 96051->96052 96053 22a961 22 API calls 96052->96053 96054 223513 96053->96054 96055 223a5a 24 API calls 96054->96055 96056 22351c 96055->96056 96083 223357 96056->96083 96059 2233c6 22 API calls 96060 223535 96059->96060 96061 22515f 22 API calls 96060->96061 96062 223544 96061->96062 96063 22a961 22 API calls 96062->96063 96064 22354d 96063->96064 96065 22a6c3 22 API calls 96064->96065 96066 223556 RegOpenKeyExW 96065->96066 96067 263176 RegQueryValueExW 96066->96067 96072 223578 96066->96072 96068 263193 96067->96068 96069 26320c RegCloseKey 96067->96069 96070 23fe0b 22 API calls 96068->96070 96069->96072 96081 26321e _wcslen 96069->96081 96071 2631ac 96070->96071 96074 225722 22 API calls 96071->96074 96072->96048 96073 224c6d 22 API calls 96073->96081 96075 2631b7 RegQueryValueExW 96074->96075 96076 2631d4 96075->96076 96078 2631ee ISource 96075->96078 96077 226b57 22 API calls 96076->96077 96077->96078 96078->96069 96079 229cb3 22 API calls 96079->96081 96080 22515f 22 API calls 96080->96081 96081->96072 96081->96073 96081->96079 96081->96080 96082->96050 96084 261f50 __wsopen_s 96083->96084 96085 223364 GetFullPathNameW 96084->96085 96086 223386 96085->96086 96087 226b57 22 API calls 96086->96087 96088 2233a4 96087->96088 96088->96059 96089 221098 96094 2242de 96089->96094 96093 2210a7 96095 22a961 22 API calls 96094->96095 96096 2242f5 GetVersionExW 96095->96096 96097 226b57 22 API calls 96096->96097 96098 224342 96097->96098 96099 2293b2 22 API calls 96098->96099 96111 224378 

Control-flow Graph
APIs
• GetVersionExW.KERNEL32(?), ref: 0022430D
  • Part of subcall function 00226B57: _wcslen.LIBCMT ref: 00226B6A
• GetCurrentProcess.KERNEL32(?,002BCB64,00000000,?,?), ref: 00224422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00224429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00224454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00224466
• GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00224474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 0022447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 002244A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: 2a913c0c099e4fb848a67cf5e4bc2e484dd7a7a5f5ec5be4cdf0d9b3b67ea97a
• Instruction ID: d31c41d54649be9761dff21128745527ad8bb3b634b7235c8a7193c20ec58308
• Opcode Fuzzy Hash: 2a913c0c099e4fb848a67cf5e4bc2e484dd7a7a5f5ec5be4cdf0d9b3b67ea97a
• Instruction Fuzzy Hash: 46A1E67693A2D4DFC712EBADBC4C1B57FE47B263E0B9844F8E045A3A61D26045B4CB21

Control-flow Graph
APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,002250AA,?,?,00000000,00000000), ref: 002242B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,002250AA,?,?,00000000,00000000), ref: 002242C9
• LoadResource.KERNEL32(?,00000000,?,?,002250AA,?,?,00000000,00000000,?,?,?,?,?,?,00224F20), ref: 002635BE
• SizeofResource.KERNEL32(?,00000000,?,?,002250AA,?,?,00000000,00000000,?,?,?,?,?,?,00224F20), ref: 002635D3
• LockResource.KERNEL32(002250AA,?,?,002250AA,?,?,00000000,00000000,?,?,?,?,?,?,00224F20,?), ref: 002635E6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Resource$CreateFindGlobalLoadLockSizeofStream
• String ID: SCRIPT
• API String ID: 3051347437-3967369404
• Opcode ID: f81ae06ba68473fd1af9f1965ff5fa995c88b616019befbe912e0eab827b523e
• Instruction ID: b00ddb5f976116a2bd0466e0b0c3d1d157ab814709bdd11914814b7ef4dcb345
• Opcode Fuzzy Hash: f81ae06ba68473fd1af9f1965ff5fa995c88b616019befbe912e0eab827b523e
• Instruction Fuzzy Hash: 4F117C70210701FFEB219FA6EC48F677BB9EBC9B51F20826AB80296250DB71DC108630

Control-flow Graph

APIs
• SetCurrentDirectoryW.KERNEL32(?), ref: 00222B6B
  • Part of subcall function 00223A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,002F1418,?,00222E7F,?,?,?,00000000), ref: 00223A78
  • Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
• GetForegroundWindow.USER32(runas,?,?,?,?,?,002E2224), ref: 00262C10
• ShellExecuteW.SHELL32(00000000,?,?,002E2224), ref: 00262C17
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                              • String ID: runas
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 448630720-4000483414
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 01449d5264d9fd874c8fc3943a3bd06482591bbc92089a1c0b5f0003f4eac9c0
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 8d3b97e163521f5371cce5870d13a3bf8ee370e3f3e792dc21d97ccbcfe9d8d5
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 01449d5264d9fd874c8fc3943a3bd06482591bbc92089a1c0b5f0003f4eac9c0
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9511E731124355FAC704FFE0F855ABDB7A49B95744F84042DF142160A2CF25867DCB52

Control-flow Graph (image not reproduced; basic blocks as labelled in the graph): 28d4dc-28d524 CreateToolhelp32Snapshot, Process32FirstW, call 28def7; 28d5d2-28d5d5 branches either to 28d529-28d538 Process32NextW or to 28d5db-28d5ea CloseHandle; 28d53e-28d5ad call 22a961 (x2), 229cb3, 22525f, 22988f, 226350, 23ce60; 28d5c0-28d5cd call 22988f (x2), then back to 28d5d2 for the next entry.

APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 0028D501
• Process32FirstW.KERNEL32(00000000,?), ref: 0028D50F
• Process32NextW.KERNEL32(00000000,?), ref: 0028D52F
• CloseHandle.KERNELBASE(00000000), ref: 0028D5DC
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
• String ID:
• API String ID: 420147892-0
• Opcode ID: 9840f73989146e40c917ba0b46db7e7495c4cc6285c39c6a5ab86a66cdc857c3
• Instruction ID: 58ea85dc175a14a612a57e178d4add6c193503fe266a3030e12647a941ca4d32
• Opcode Fuzzy Hash: 9840f73989146e40c917ba0b46db7e7495c4cc6285c39c6a5ab86a66cdc857c3
• Instruction Fuzzy Hash: C331C271018301AFD300EF94D885AAFBBF8EF99344F54092DF585921E1EB719998CB93

Control-flow Graph (image not reproduced; basic blocks as labelled in the graph): 28dbbe-28dbda lstrlenW, which either continues to 28dbdc-28dbe6 GetFileAttributesW or goes straight to 28dc06; from GetFileAttributesW either 28dbe8-28dbf7 FindFirstFileW or the return block 28dc09-28dc0d; after FindFirstFileW either 28dbf9-28dc04 FindClose or 28dc06; all paths end at 28dc09-28dc0d.

APIs
• lstrlenW.KERNEL32(?,00265222), ref: 0028DBCE
• GetFileAttributesW.KERNELBASE(?), ref: 0028DBDD
• FindFirstFileW.KERNEL32(?,?), ref: 0028DBEE
• FindClose.KERNEL32(00000000), ref: 0028DBFA
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: FileFind$AttributesCloseFirstlstrlen
• String ID:
• API String ID: 2695905019-0
• Opcode ID: 6d21f0fcac3538eab3661117a2e7d6a52d998eaa47ba6d8a7f965873257e2d70
• Instruction ID: 2033990b5e89b388029917101ac545d052ff6b1529f5a5a942825f2a29a77dc3
• Opcode Fuzzy Hash: 6d21f0fcac3538eab3661117a2e7d6a52d998eaa47ba6d8a7f965873257e2d70
• Instruction Fuzzy Hash: 2FF0E530821910578220BF7CBC0D8AA376C9E01334BA04703F836C20F0EBB05D68C7D5
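The three function records above are the raw per-function output of the sandbox, and a full report contains hundreds of them. Two of them carry the behaviour a reviewer actually wants surfaced: ShellExecuteW called with the "runas" verb (the UAC consent or credential prompt; GetForegroundWindow takes no parameters, so the runas shown in its argument list is stack content already pushed for the following ShellExecuteW, whose lpOperation it is, and the GetModuleFileNameW/SetCurrentDirectoryW prelude is consistent with a program re-launching itself elevated), and a CreateToolhelp32Snapshot/Process32FirstW/Process32NextW walk over the process list. The third is the GetFileAttributesW-then-FindFirstFileW existence probe. The script below is an added example, not part of the report and not Joe Sandbox code: it parses records in this text layout from a constructed sample (API names and ref addresses taken from the records above, hash values elided) and flags those API combinations, plus the TerminateProcess/ExitProcess pairing of the next record. The rule names, `parse_report`, `flag_behaviours` and `triage` are my own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the layout of the report's per-function records. API names
# and ref addresses are those listed in the records above; hash values are elided.
SAMPLE_REPORT = """
APIs
• SetCurrentDirectoryW.KERNEL32(?), ref: 00222B6B
  • Part of subcall function 00223A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF), ref: 00223A78
  • Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
• GetForegroundWindow.USER32(runas,?,?,?,?,?,002E2224), ref: 00262C10
• ShellExecuteW.SHELL32(00000000,?,?,002E2224), ref: 00262C17
Strings
Similarity
• API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
• String ID: runas
• API String ID: 448630720-4000483414
• Instruction Fuzzy Hash: (elided)
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 0028D501
• Process32FirstW.KERNEL32(00000000,?), ref: 0028D50F
• Process32NextW.KERNEL32(00000000,?), ref: 0028D52F
• CloseHandle.KERNELBASE(00000000), ref: 0028D5DC
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
• String ID:
• Instruction Fuzzy Hash: (elided)
APIs
• lstrlenW.KERNEL32(?,00265222), ref: 0028DBCE
• GetFileAttributesW.KERNELBASE(?), ref: 0028DBDD
• FindFirstFileW.KERNEL32(?,?), ref: 0028DBEE
• FindClose.KERNEL32(00000000), ref: 0028DBFA
Similarity
• API ID: FileFind$AttributesCloseFirstlstrlen
• Instruction Fuzzy Hash: (elided)
APIs
• GetCurrentProcess.KERNEL32(002528E9,?), ref: 00244D09
• TerminateProcess.KERNEL32(00000000,?), ref: 00244D10
• ExitProcess.KERNEL32 ref: 00244D22
"""

# One "Name.MODULE(args), ref: ADDR" line; indirect calls carry a "Part of subcall" prefix.
API_LINE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)
SECTION_HEADERS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity", "Control-flow Graph"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]
    ref: str
    subcall_of: Optional[str]  # callee address when the API is reached through a subcall


@dataclass
class FunctionRecord:
    calls: list[ApiCall] = field(default_factory=list)
    api_id: str = ""
    string_ids: list[str] = field(default_factory=list)

    def direct_names(self) -> set[str]:
        return {c.name for c in self.calls if c.subcall_of is None}


def parse_report(text: str) -> list[FunctionRecord]:
    """Split the text export into one FunctionRecord per 'APIs' block."""
    records: list[FunctionRecord] = []
    current: Optional[FunctionRecord] = None
    section = ""
    for raw in text.splitlines():
        line = raw.strip().lstrip("•-").strip()
        if not line:
            continue
        if line == "APIs":
            if current is not None:
                records.append(current)
            current, section = FunctionRecord(), "APIs"
            continue
        if current is None:
            continue
        if line in SECTION_HEADERS:
            section = line
            continue
        if section == "APIs":
            m = API_LINE.match(line)
            if m:
                args = [a.strip() for a in (m["args"] or "").split(",") if a.strip()]
                current.calls.append(ApiCall(m["name"], m["module"], args, m["ref"].upper(), m["sub"]))
        elif section == "Similarity":
            label, _, value = line.partition(":")
            if label == "API ID":
                current.api_id = value.strip()
            elif label == "String ID" and value.strip():
                current.string_ids.append(value.strip())
            elif label == "Instruction Fuzzy Hash":  # last line of a complete record
                records.append(current)
                current = None
    if current is not None:  # export truncated mid-record, as at the end of this page
        records.append(current)
    return records


def _base(name: str) -> str:
    """Fold ANSI/Unicode pairs (FooA/FooW) onto one name."""
    return name[:-1] if len(name) > 1 and name[-1] in "AW" else name


def flag_behaviours(rec: FunctionRecord) -> list[str]:
    """Name the API combinations worth a reviewer's attention (rule names are illustrative)."""
    names = {_base(n) for n in rec.direct_names()}
    strings = {s.lower() for s in rec.string_ids} | {a.lower() for c in rec.calls for a in c.args}
    flags: list[str] = []
    if "ShellExecute" in names and "runas" in strings:
        flags.append("elevation_prompt")  # ShellExecuteW verb "runas": UAC consent or credential prompt
    if {"CreateToolhelp32Snapshot", "Process32First", "Process32Next"} <= names:
        flags.append("process_enumeration")  # walks the process list (process-exists style lookup)
    if {"GetFileAttributes", "FindFirstFile"} <= names:
        flags.append("file_exists_probe")  # attribute query with a FindFirstFile fallback
    if {"TerminateProcess", "ExitProcess"} <= names:
        flags.append("hard_exit")
    return flags


def triage(text: str) -> list[tuple[str, list[str]]]:
    """(address of the first direct API call, flags) for every record, in report order."""
    out = []
    for rec in parse_report(text):
        first = next((c.ref for c in rec.calls if c.subcall_of is None), "?")
        out.append((first, flag_behaviours(rec)))
    return out


if __name__ == "__main__":
    for addr, flags in triage(SAMPLE_REPORT):
        print(f"{addr}: {', '.join(flags) or '-'}")
```

Only direct calls feed the rules; the "Part of subcall" lines are kept on the record but ignored for flagging, because the same helper (here GetModuleFileNameW via 00223A5A) shows up under many unrelated callers and would otherwise inflate every rule. The runas check looks at both the String ID and the recovered arguments, since the verb surfaces in either place depending on the record.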
APIs
• GetCurrentProcess.KERNEL32(002528E9,?,00244CBE,002528E9,002E88B8,0000000C,00244E15,002528E9,00000002,00000000,?,002528E9), ref: 00244D09
• TerminateProcess.KERNEL32(00000000,?,00244CBE,002528E9,002E88B8,0000000C,00244E15,002528E9,00000002,00000000,?,002528E9), ref: 00244D10
• ExitProcess.KERNEL32 ref: 00244D22
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 34639f4e585d4b01057dd44a5eca1d5f949e37cd6a926ec248caff9f82423dfe
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a2ee9eef6b68766e714f65d916c0779a11d1b07f59cd850a13646eff0452b8ca
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 34639f4e585d4b01057dd44a5eca1d5f949e37cd6a926ec248caff9f82423dfe
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22E0B631420149EBCF16BF54ED0DA583BA9EB45781B604158FD099A122CB75DD62CA84
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                              • String ID: p#/
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3964851224-3200842618
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0cd60f346d7d171d3b6d206e2d1206b6084f3a2f1a1ef2bec7f764f33ed22567
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3010e0b5c077f28401cdc32ab43e1390e30d71fec85871a01105131e25786b2c
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0cd60f346d7d171d3b6d206e2d1206b6084f3a2f1a1ef2bec7f764f33ed22567
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DCA25870A28311DFD714CF54D480B2AB7E1BF89304F24896DE99A8B352D771E865CF92

Control-flow Graph (graph image not reproduced; legend: Executed / Not Executed)
APIs
• _wcslen.LIBCMT ref: 002AB198
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 002AB1B0
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 002AB1D4
• _wcslen.LIBCMT ref: 002AB200
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 002AB214
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 002AB236
• _wcslen.LIBCMT ref: 002AB332
  • Part of subcall function 002905A7: GetStdHandle.KERNEL32(000000F6), ref: 002905C6
• _wcslen.LIBCMT ref: 002AB34B
• _wcslen.LIBCMT ref: 002AB366
• CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 002AB3B6
• GetLastError.KERNEL32(00000000), ref: 002AB407
• CloseHandle.KERNEL32(?), ref: 002AB439
• CloseHandle.KERNEL32(00000000), ref: 002AB44A
• CloseHandle.KERNEL32(00000000), ref: 002AB45C
• CloseHandle.KERNEL32(00000000), ref: 002AB46E
• CloseHandle.KERNEL32(?), ref: 002AB4E3
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
• String ID:
• API String ID: 2178637699-0
• Opcode ID: 735992a162624ef6c61fe362acef33008480fbd8d034fe1bb296aa65e79ab103
• Instruction ID: 1a4192f89bb09523afe422756aa6b0c8ec77f68d63bb2d3d298c04044d68996a
• Opcode Fuzzy Hash: 735992a162624ef6c61fe362acef33008480fbd8d034fe1bb296aa65e79ab103
• Instruction Fuzzy Hash: 2AF1BD315283419FCB15EF24D891B6EBBE5AF86310F14855DF8899B2A2CB31EC64CF52
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetInputState.USER32 ref: 0022D807
                                                                                                                                                                                                                                                                                                                                                              • timeGetTime.WINMM ref: 0022DA07
                                                                                                                                                                                                                                                                                                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0022DB28
                                                                                                                                                                                                                                                                                                                                                              • TranslateMessage.USER32(?), ref: 0022DB7B
                                                                                                                                                                                                                                                                                                                                                              • DispatchMessageW.USER32(?), ref: 0022DB89
                                                                                                                                                                                                                                                                                                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0022DB9F
                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNELBASE(0000000A), ref: 0022DBB1
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2189390790-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 36a941968a8734845917c85ca08f7a11014a351479e78cea219bb8dd60424e33
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d222c13f7e26a88a50dfb3ebf8ac3e2f7eeb36dd85d2db36e2f336747886a29a
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 36a941968a8734845917c85ca08f7a11014a351479e78cea219bb8dd60424e33
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 30420570628352EFD725CF64E848B6AB7E0BF45304F54855DF49987291D770E8A8CF82

                                                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetSysColorBrush.USER32(0000000F), ref: 00222D07
                                                                                                                                                                                                                                                                                                                                                              • RegisterClassExW.USER32(00000030), ref: 00222D31
                                                                                                                                                                                                                                                                                                                                                              • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00222D42
                                                                                                                                                                                                                                                                                                                                                              • InitCommonControlsEx.COMCTL32(?), ref: 00222D5F
                                                                                                                                                                                                                                                                                                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00222D6F
                                                                                                                                                                                                                                                                                                                                                              • LoadIconW.USER32(000000A9), ref: 00222D85
                                                                                                                                                                                                                                                                                                                                                              • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00222D94
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                                                                                                                              • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2914291525-1005189915
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: cf705876273aa877474fec37e668045209fcc582ca40957c2d0fd713841bee5f
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 14bcb86d9a6e687984fdf85d716acc6b54c6ff05ea63ee266873b94c3e5b4d3d
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cf705876273aa877474fec37e668045209fcc582ca40957c2d0fd713841bee5f
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B421E3B1951208EFDB00DFA4E88DBEDBBB8FB08750F20822AF551A62A0D7B10550CF90

                                                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                                                                              control_flow_graph 457 26065b-26068b call 26042f 460 2606a6-2606b2 call 255221 457->460 461 26068d-260698 call 24f2c6 457->461 467 2606b4-2606c9 call 24f2c6 call 24f2d9 460->467 468 2606cb-260714 call 26039a 460->468 466 26069a-2606a1 call 24f2d9 461->466 477 26097d-260983 466->477 467->466 475 260716-26071f 468->475 476 260781-26078a GetFileType 468->476 479 260756-26077c GetLastError call 24f2a3 475->479 480 260721-260725 475->480 481 2607d3-2607d6 476->481 482 26078c-2607bd GetLastError call 24f2a3 CloseHandle 476->482 479->466 480->479 486 260727-260754 call 26039a 480->486 484 2607df-2607e5 481->484 485 2607d8-2607dd 481->485 482->466 496 2607c3-2607ce call 24f2d9 482->496 489 2607e9-260837 call 25516a 484->489 490 2607e7 484->490 485->489 486->476 486->479 500 260847-26086b call 26014d 489->500 501 260839-260845 call 2605ab 489->501 490->489 496->466 507 26087e-2608c1 500->507 508 26086d 500->508 501->500 506 26086f-260879 call 2586ae 501->506 506->477 510 2608e2-2608f0 507->510 511 2608c3-2608c7 507->511 508->506 514 2608f6-2608fa 510->514 515 26097b 510->515 511->510 513 2608c9-2608dd 511->513 513->510 514->515 516 2608fc-26092f CloseHandle call 26039a 514->516 515->477 519 260963-260977 516->519 520 260931-26095d GetLastError call 24f2a3 call 255333 516->520 519->515 520->519
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0026039A: CreateFileW.KERNELBASE(00000000,00000000,?,00260704,?,?,00000000,?,00260704,00000000,0000000C), ref: 002603B7
                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0026076F
                                                                                                                                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00260776
                                                                                                                                                                                                                                                                                                                                                              • GetFileType.KERNELBASE(00000000), ref: 00260782
                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0026078C
                                                                                                                                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00260795
                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 002607B5
                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 002608FF
                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00260931
                                                                                                                                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00260938
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H

Control-flow Graph

APIs
  • Part of subcall function 00223A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,002F1418,?,00222E7F,?,?,?,00000000), ref: 00223A78
  • Part of subcall function 00223357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00223379
• RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0022356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0026318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 002631CE
• RegCloseKey.ADVAPI32(?), ref: 00263210
• _wcslen.LIBCMT ref: 00263277
• _wcslen.LIBCMT ref: 00263286
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00222B8E
• LoadCursorW.USER32(00000000,00007F00), ref: 00222B9D
• LoadIconW.USER32(00000063), ref: 00222BB3
• LoadIconW.USER32(000000A4), ref: 00222BC5
• LoadIconW.USER32(000000A2), ref: 00222BD7
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00222BEF
• RegisterClassExW.USER32(?), ref: 00222C40
  • Part of subcall function 00222CD4: GetSysColorBrush.USER32(0000000F), ref: 00222D07
  • Part of subcall function 00222CD4: RegisterClassExW.USER32(00000030), ref: 00222D31
  • Part of subcall function 00222CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00222D42
  • Part of subcall function 00222CD4: InitCommonControlsEx.COMCTL32(?), ref: 00222D5F
  • Part of subcall function 00222CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00222D6F
  • Part of subcall function 00222CD4: LoadIconW.USER32(000000A9), ref: 00222D85
  • Part of subcall function 00222CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00222D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3

Control-flow Graph

control_flow_graph 598 223170-223185 599 223187-22318a 598->599 600 2231e5-2231e7 598->600 602 2231eb 599->602 603 22318c-223193 599->603 600->599 601 2231e9 600->601 604 2231d0-2231d8 DefWindowProcW 601->604 605 2231f1-2231f6 602->605 606 262dfb-262e23 call 2218e2 call 23e499 602->606 607 223265-22326d PostQuitMessage 603->607 608 223199-22319e 603->608 609 2231de-2231e4 604->609 611 2231f8-2231fb 605->611 612 22321d-223244 SetTimer RegisterWindowMessageW 605->612 644 262e28-262e2f 606->644 610 223219-22321b 607->610 614 2231a4-2231a8 608->614 615 262e7c-262e90 call 28bf30 608->615 610->609 616 223201-22320f KillTimer call 2230f2 611->616 617 262d9c-262d9f 611->617 612->610 619 223246-223251 CreatePopupMenu 612->619 620 2231ae-2231b3 614->620 621 262e68-262e72 call 28c161 614->621 615->610 639 262e96 615->639 634 223214 call 223c50 616->634 623 262dd7-262df6 MoveWindow 617->623 624 262da1-262da5 617->624 619->610 628 262e4d-262e54 620->628 629 2231b9-2231be 620->629 635 262e77 621->635 623->610 631 262dc6-262dd2 SetFocus 624->631 632 262da7-262daa 624->632 628->604 633 262e5a-262e63 call 280ad7 628->633 637 223253-223263 call 22326f 629->637 638 2231c4-2231ca 629->638 631->610 632->638 640 262db0-262dc1 call 2218e2 632->640 633->604 634->610 635->610 637->610 638->604 638->644 639->604 640->610 644->604 645 262e35-262e48 call 2230f2 call 223837 644->645 645->604
APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0022316A,?,?), ref: 002231D8
• KillTimer.USER32(?,00000001,?,?,?,?,?,0022316A,?,?), ref: 00223204
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00223227
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0022316A,?,?), ref: 00223232
• CreatePopupMenu.USER32 ref: 00223246
• PostQuitMessage.USER32(00000000), ref: 00223267
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• API String ID: 129472671-2362178303
• Opcode ID: 1dcb38a03785f5441532cd599eb5e19a28c9d79a7cc08190c7dc3f0ede58ec89
• Instruction ID: 830b9874143317364690f72ac7559681278a6fb4cde3a1e729dcac941a0496b3
• Opcode Fuzzy Hash: 1dcb38a03785f5441532cd599eb5e19a28c9d79a7cc08190c7dc3f0ede58ec89
• Instruction Fuzzy Hash: 32413731230225F7DB149FF8BC1DB793628E705390F540235FA45952A2CBA9DE70DBA1

Control-flow Graph

control_flow_graph 654 221410-221449 655 22144f-221465 mciSendStringW 654->655 656 2624b8-2624b9 DestroyWindow 654->656 657 2216c6-2216d3 655->657 658 22146b-221473 655->658 659 2624c4-2624d1 656->659 661 2216d5-2216f0 UnregisterHotKey 657->661 662 2216f8-2216ff 657->662 658->659 660 221479-221488 call 22182e 658->660 664 2624d3-2624d6 659->664 665 262500-262507 659->665 675 26250e-26251a 660->675 676 22148e-221496 660->676 661->662 667 2216f2-2216f3 call 2210d0 661->667 662->658 663 221705 662->663 663->657 670 2624e2-2624e5 FindClose 664->670 671 2624d8-2624e0 call 226246 664->671 665->659 669 262509 665->669 667->662 669->675 674 2624eb-2624f8 670->674 671->674 674->665 677 2624fa-2624fb call 2932b1 674->677 680 262524-26252b 675->680 681 26251c-26251e FreeLibrary 675->681 678 262532-26253f 676->678 679 22149c-2214c1 call 22cfa0 676->679 677->665 686 262566-26256d 678->686 687 262541-26255e VirtualFree 678->687 691 2214c3 679->691 692 2214f8-221503 CoUninitialize 679->692 680->675 685 26252d 680->685 681->680 685->678 686->678 690 26256f 686->690 687->686 689 262560-262561 call 293317 687->689 689->686 694 262574-262578 690->694 695 2214c6-2214f6 call 221a05 call 2219ae 691->695 692->694 696 221509-22150e 692->696 694->696 697 26257e-262584 694->697 695->692 699 221514-22151e 696->699 700 262589-262596 call 2932eb 696->700 697->696 703 221707-221714 call 23f80e 699->703 704 221524-2215a5 call 22988f call 221944 call 2217d5 call 23fe14 call 22177c call 22988f call 22cfa0 call 2217fe call 23fe14 699->704 712 262598 700->712 703->704 714 22171a 703->714 717 26259d-2625bf call 23fdcd 704->717 744 2215ab-2215cf call 23fe14 704->744 712->717 714->703 723 2625c1 717->723 726 2625c6-2625e8 call 23fdcd 723->726 731 2625ea 726->731 734 2625ef-262611 call 23fdcd 731->734 740 262613 734->740 743 262618-262625 call 2864d4 740->743 750 262627 743->750 744->726 749 2215d5-2215f9 call 23fe14 744->749 749->734 754 2215ff-221619 call 23fe14 749->754 753 26262c-262639 call 23ac64 750->753 758 26263b 753->758 754->743 760 22161f-221643 call 2217d5 call 23fe14 754->760 761 262640-26264d call 293245 758->761 760->753 769 221649-221651 760->769 767 26264f 761->767 770 262654-262661 call 2932cc 767->770 769->761 771 221657-221675 call 22988f call 22190a 769->771 777 262663 770->777 771->770 779 22167b-221689 771->779 780 262668-262675 call 2932cc 777->780 779->780 781 22168f-2216c5 call 22988f * 3 call 221876 779->781 785 262677 780->785 785->785
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00221459
• CoUninitialize.COMBASE ref: 002214F8
• UnregisterHotKey.USER32(?), ref: 002216DD
• DestroyWindow.USER32(?), ref: 002624B9
• FreeLibrary.KERNEL32(?), ref: 0026251E
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 0026254B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748
• Opcode ID: f6a9f53c85cf40c4d66422fe25fa043e2023171ed8150b0c3d986a8d0ae4dd43
• Instruction ID: 8295bbfc45ff7f831a6624b612b7f6c253c88afdb7ccd030faa8c868b58384a8
• Opcode Fuzzy Hash: f6a9f53c85cf40c4d66422fe25fa043e2023171ed8150b0c3d986a8d0ae4dd43
• Instruction Fuzzy Hash: 82D19D31721622DFDB29EF54E499E29F7A4BF15300F6442ADE44A6B261CB30AC76CF50
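The three function listings in this part of the report each pass a literal string that belongs to the AutoIt v3 interpreter rather than to the script it carries: "TaskbarCreated" to RegisterWindowMessageW, "close all" to mciSendStringW, and "AutoIt v3" as the class and title given to CreateWindowExW. That is what makes the "compiled AutoIt script" signature a statement about packaging, not about behaviour. The scanner below is an added example for this report, not Joe Sandbox or AutoIt code: it searches a memory dump for those three strings in UTF-16LE (as the W-suffixed APIs receive them) and ASCII, reports each hit at the virtual address an analyst would look up in the disassembly using the "Offset:" base the report prints for the dump (0x220000 here), and returns a packaging verdict. The sample dump is constructed inline, and the two-marker threshold is an assumption.

```python
# Added example for this report; not Joe Sandbox or AutoIt code.
# Scans a memory dump for the AutoIt v3 runtime strings that the API
# listings in this report show as call arguments. A hit identifies the
# interpreter (how the sample is packaged), not the behaviour of the
# script it carries, which still has to be extracted and read.
import re
from typing import Dict, List

# Marker -> the API call in which the report shows it as an argument.
MARKERS: Dict[str, str] = {
    "AutoIt v3": "CreateWindowExW class/title",
    "TaskbarCreated": "RegisterWindowMessageW message name",
    "close all": "mciSendStringW command",
}

# Any two of the three markers count as a runtime match (assumed threshold).
MATCH_THRESHOLD = 2


def encodings(text: str) -> List[bytes]:
    """The W-suffixed APIs take wide strings, so try UTF-16LE first, then ASCII."""
    return [text.encode("utf-16-le"), text.encode("ascii")]


def find_markers(data: bytes) -> Dict[str, List[int]]:
    """Return {marker: sorted dump offsets} for every marker present in data."""
    hits: Dict[str, List[int]] = {}
    for marker in MARKERS:
        offsets: List[int] = []
        for pattern in encodings(marker):
            offsets.extend(m.start() for m in re.finditer(re.escape(pattern), data))
        if offsets:
            hits[marker] = sorted(offsets)
    return hits


def to_va(offset: int, image_base: int) -> int:
    """Map a dump offset to a virtual address using the dump's 'Offset:' base."""
    return image_base + offset


def verdict(hits: Dict[str, List[int]]) -> str:
    """Packaging verdict only: 'autoit-runtime', 'weak' (one marker) or 'none'."""
    if len(hits) >= MATCH_THRESHOLD:
        return "autoit-runtime"
    if hits:
        return "weak"
    return "none"


def report(data: bytes, image_base: int) -> List[str]:
    """One line per hit: VA, the marker, and the API the report ties it to."""
    lines: List[str] = []
    for marker, offsets in find_markers(data).items():
        for off in offsets:
            lines.append(f"{to_va(off, image_base):08X}  {marker!r:18} {MARKERS[marker]}")
    return lines


# Constructed sample dump: zero padding with the three strings at known offsets.
SAMPLE_DUMP = (
    b"\x00" * 0x40
    + "AutoIt v3".encode("utf-16-le")        # offset 0x40, 18 bytes
    + b"\x00" * 0x20
    + "TaskbarCreated".encode("utf-16-le")   # offset 0x72, 28 bytes
    + b"\x00" * 0x10
    + b"close all"                           # offset 0x9E, narrow copy
    + b"\x00" * 8
)
SAMPLE_BASE = 0x220000  # the 'Offset:' value printed for this report's dump

if __name__ == "__main__":
    for line in report(SAMPLE_DUMP, SAMPLE_BASE):
        print(line)
    print("verdict:", verdict(find_markers(SAMPLE_DUMP)))
```

Run it against a real .sdmp by reading the file into `data` and passing the "Offset:" value from the Memory Dump Source line as `image_base`; a "weak" result on a single marker such as "close all" is expected from unrelated media-playing code and should not be promoted to a runtime match.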

Control-flow Graph

control_flow_graph 803 222c63-222cd3 CreateWindowExW * 2 ShowWindow * 2
APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00222C91
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00222CB2
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00221CAD,?), ref: 00222CC6
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00221CAD,?), ref: 00222CCF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                                                                                              • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: d6644f4071c1ff4de14d08746008a5bf5c663a22542d0e47c8a91613332fb584
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 5e19e54229c764f9605ab9fc7241bce9028660ed69fcb1e275c267481c2b88fe
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6644f4071c1ff4de14d08746008a5bf5c663a22542d0e47c8a91613332fb584
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A9F0DA76540290BAEB311717BC0CEB76EBDD7C7FB0B5000AAF900A66A0C6611860DBB0

Control-flow Graph
• Basic blocks 223b1c-223b9b (calls RegOpenKeyExW, RegQueryValueExW, RegCloseKey); graph image not included in the text export
APIs
• RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00223B0F,SwapMouseButtons,00000004,?), ref: 00223B40
• RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00223B0F,SwapMouseButtons,00000004,?), ref: 00223B61
• RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00223B0F,SwapMouseButtons,00000004,?), ref: 00223B83
Strings
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
• Opcode ID: e033763920f5e3bb3a59d36709ab1dcb359821af0646088feebd1ffc564e105c
• Instruction ID: 8c917348d92984091bdd48d9b5d61df283112bd2b8e2fb1e0b470eec0756312e
• Opcode Fuzzy Hash: e033763920f5e3bb3a59d36709ab1dcb359821af0646088feebd1ffc564e105c
• Instruction Fuzzy Hash: 2D112AB5521219FFDB20CFA5EC48AAEB7B8EF04748B104959B805D7210D2759E509B60
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 002633A2
  • Part of subcall function 00226B57: _wcslen.LIBCMT ref: 00226B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00223A04
Strings
Similarity
• API ID: IconLoadNotifyShell_String_wcslen
• String ID: Line:
• API String ID: 2289894680-1585850449
• Opcode ID: 768cbb937607ee52c66593b048f2b4452fd7f4dd0359f781307d9c8ca569f4d4
• Instruction ID: d029741351caf9716763e9acc21c3e4c63a0311050e0098e51cda3879bf239f8
• Opcode Fuzzy Hash: 768cbb937607ee52c66593b048f2b4452fd7f4dd0359f781307d9c8ca569f4d4
• Instruction Fuzzy Hash: 1D31E571528324BAC325EF50FC49FEBB7D8AB41750F40096AF59982191DB7496B8CBC2
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 00262C8C
  • Part of subcall function 00223AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00223A97,?,?,00222E7F,?,?,?,00000000), ref: 00223AC2
  • Part of subcall function 00222DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00222DC4
Strings
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                                                                                                              • String ID: X$`e.
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 779396738-1838813811
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 279aae76b4264f16fd6acedb93ab2c345fb2c9fdfee4977a952a7c78c03e19e2
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c1c9be6b63a2936af2bbb2c0a93604faaad791d7a47af3bbcad29fdc94e93494
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 279aae76b4264f16fd6acedb93ab2c345fb2c9fdfee4977a952a7c78c03e19e2
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6D21C671A20298EBCB11EFD4D849BEE7BF89F58314F40405AE405B7241DBB856AD8FA1
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBVCRUNTIME ref: 00240668
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 002432A4: RaiseException.KERNEL32(?,?,?,0024068A,?,002F1444,?,?,?,?,?,?,0024068A,00221129,002E8738,00221129), ref: 00243304
                                                                                                                                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBVCRUNTIME ref: 00240685
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                              • String ID: Unknown exception
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2e47601218e0f723d10c83f40b312c9d1734ad6f04f3306ac72e86ed6e8b7039
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a0e7b85ba4775875d5d3110e3251473ae91b058ebe82ac665f6a1bd30bfb6470
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e47601218e0f723d10c83f40b312c9d1734ad6f04f3306ac72e86ed6e8b7039
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E4F0C234D2030E77CB08FAA4E88AC9E776CAE40750BA04571BA1896591EFB1DAB5CD80
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00221BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00221BF4
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00221BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00221BFC
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00221BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00221C07
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00221BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00221C12
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00221BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00221C1A
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00221BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00221C22
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00221B4A: RegisterWindowMessageW.USER32(00000004,?,002212C4), ref: 00221BA2
                                                                                                                                                                                                                                                                                                                                                              • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0022136A
                                                                                                                                                                                                                                                                                                                                                              • OleInitialize.OLE32 ref: 00221388
                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,00000000), ref: 002624AB
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1986988660-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ed687de574c688134db1522e58babb93e8b376d4540cc5c5a54264454df37524
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c185ad021dfdb8dbe97f2fd3425b9c97d0ff3e02303785a0678f29b6d4c61e58
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ed687de574c688134db1522e58babb93e8b376d4540cc5c5a54264454df37524
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5171ABB4921244DFE384EF7AB94DAB57AE4BB987E47D4823AD10AC7261EB314474CF40
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00223923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00223A04
                                                                                                                                                                                                                                                                                                                                                              • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0028C259
                                                                                                                                                                                                                                                                                                                                                              • KillTimer.USER32(?,00000001,?,?), ref: 0028C261
                                                                                                                                                                                                                                                                                                                                                              • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0028C270
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: IconNotifyShell_Timer$Kill
• String ID:
• API String ID: 3500052701-0
• Opcode ID: 3c61e2568da8a2128fefef2c38ee74ae943a4f636d396f0bf4c65ff3c491e549
• Instruction ID: 42dbc55180ba84f24e2f23ef6d840b26c7d6d4e61d8e99091ccedcf92505d6c8
• Opcode Fuzzy Hash: 3c61e2568da8a2128fefef2c38ee74ae943a4f636d396f0bf4c65ff3c491e549
• Instruction Fuzzy Hash: 7931E574911354AFEB22DF649899BE7BBEC9B02304F10009AD5DA932C5C7745A84CF61
APIs
• CloseHandle.KERNELBASE(00000000,00000000,?,?,002585CC,?,002E8CC8,0000000C), ref: 00258704
• GetLastError.KERNEL32(?,002585CC,?,002E8CC8,0000000C), ref: 0025870E
• __dosmaperr.LIBCMT ref: 00258739
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
• Opcode ID: 961dc72a9c19ad7752e6ddeba22cae443de2bb4abb157d2f6cdebe562b51e15d
• Instruction ID: 0420c73a8aac0c85115949a29e44ef027f7f8b7b00552dc5af60e306b04d4be2
• Opcode Fuzzy Hash: 961dc72a9c19ad7752e6ddeba22cae443de2bb4abb157d2f6cdebe562b51e15d
• Instruction Fuzzy Hash: DE016B32A3523027D3646634A84977E674D4F81776F390259FC08AB0D2DEF0CC99C55C
APIs
• TranslateMessage.USER32(?), ref: 0022DB7B
• DispatchMessageW.USER32(?), ref: 0022DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0022DB9F
• Sleep.KERNELBASE(0000000A), ref: 0022DBB1
• TranslateAcceleratorW.USER32(?,?,?), ref: 00271CC9
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
• API String ID: 3288985973-0
• Opcode ID: 824fb9e39a0dba087bedcfa29e7fb18ea93f1dfc5a63c4b41fc69d3c0a215ba9
• Instruction ID: 0d03ebea8cf5eef20a41276c6092328450a6252a7ee6491897dc287621def706
• Opcode Fuzzy Hash: 824fb9e39a0dba087bedcfa29e7fb18ea93f1dfc5a63c4b41fc69d3c0a215ba9
• Instruction Fuzzy Hash: 9CF054305643459BE730CBA0AC5DFEA73ACEF44350F604619E64AC30D0DB30A468DB16
APIs
• __Init_thread_footer.LIBCMT ref: 002317F6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: CALL
• API String ID: 1385522511-4196123274
• Opcode ID: 7cb5ddab142edd7bec31b01bd93dc0297c91a8ebcdea59976fc9687f51c57d22
• Instruction ID: 4cf542b8cab2498947ea251b4b74c14db8b620bc26fe206eebe963245eeaa1a8
• Opcode Fuzzy Hash: 7cb5ddab142edd7bec31b01bd93dc0297c91a8ebcdea59976fc9687f51c57d22
• Instruction Fuzzy Hash: 07228BB06282029FC714CF14C485A2ABBF1BF89314F58896DF49A8B361D771E875CF92
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 00223908
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: fbe9390365780b20ec84b815da85350f32b0149daacf66e8e0ec9884a29ee728
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 7d33a623336e7193e76face38f4b3dcd3d5d860d5600455d369fd3a9a6f90da9
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fbe9390365780b20ec84b815da85350f32b0149daacf66e8e0ec9884a29ee728
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2231C370614311DFD320DF64E8887A7BBF4FB49358F00096EF59987250E7B5AA64CB52
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • timeGetTime.WINMM ref: 0023F661
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0022D730: GetInputState.USER32 ref: 0022D807
                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000), ref: 0027F2DE
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: InputSleepStateTimetime
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4149333218-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: f15b5a52d9f6d92aac25e939267fb4b9872bd13b4b25c33b034cb0f1e29d2e55
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2cbeed8758eeb40931406fb17215972fddd4402b25a16671bbc66e4c0429f8ab
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f15b5a52d9f6d92aac25e939267fb4b9872bd13b4b25c33b034cb0f1e29d2e55
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7DF08C71260615AFD354EFB9E549B6AB7E8EF45760F00412AE85DCB261DB70A820CF90
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00224E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00224EDD,?,002F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00224E9C
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00224E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00224EAE
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00224E90: FreeLibrary.KERNEL32(00000000,?,?,00224EDD,?,002F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00224EC0
                                                                                                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,002F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00224EFD
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00224E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00263CDE,?,002F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00224E62
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00224E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00224E74
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00224E59: FreeLibrary.KERNEL32(00000000,?,?,00263CDE,?,002F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00224E87
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 8ba501b803afddc014bda291145a22845e246e9dc8db5b21722e71dcf879b50b
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9165d19166438245910549e75d78f8902a7276dbffbb27a8844c76259c1bf493
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8ba501b803afddc014bda291145a22845e246e9dc8db5b21722e71dcf879b50b
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 38112B31630225BADF14FFA0ED02FAD77A4AF80714F20842DF542AA1C1DEB49E649F50
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: __wsopen_s
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 73f7c652f5c21e14cd02b7c052f8ccd1a229c2cf35b97047dd13e97e3f3a7aa9
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2266806ce6b862c497b5423898f82be0de67972d58c7a09a4fc47e0a1116d820
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 73f7c652f5c21e14cd02b7c052f8ccd1a229c2cf35b97047dd13e97e3f3a7aa9
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7111487190410AAFCB05DF58E94099A7BF9EF48314F104069FC09AB312DA70EA25CBA9
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00254C7D: RtlAllocateHeap.NTDLL(00000008,00221129,00000000,?,00252E29,00000001,00000364,?,?,?,0024F2DE,00253863,002F1444,?,0023FDF5,?), ref: 00254CBE
                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0025506C
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 614378929-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0ac8f6db683a45e2470b25763d3a2a06cfd8ee49c0f82c9167c30876b2391fd1
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D3014E722147059BE331CF55D84195AFBECFB89371F25051DE984932C0E670A809C778
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 7d1ea05eb78d9f2865ffa2b5102da72049e6bcf5d984387ea757a08f04d03673
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 74F04932530A1096EB353E758C05B56339CAF52331F120715FC20921C1CBB0D4298EA9
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,00221129,00000000,?,00252E29,00000001,00000364,?,?,?,0024F2DE,00253863,002F1444,?,0023FDF5,?), ref: 00254CBE
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 60bc0bfb659fa1c2e602188c673db64412bdf2637e536d2924960889764e8be0
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d9ea3b829ac4419893f3b76f219a62865df5199293e896ddfcb47d0547f953bc
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 60bc0bfb659fa1c2e602188c673db64412bdf2637e536d2924960889764e8be0
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 34F0E03163212567DB217F629C09B56B748BFC17BBB154123FC15A7290CA70D87446D4
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,002F1444,?,0023FDF5,?,?,0022A976,00000010,002F1440,002213FC,?,002213C6,?,00221129), ref: 00253852
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 1fe04642ad8a2eb062ab48bc3b1b7a0909bd0d64c6475862ac610db9ed6fe267
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 541dbb10653d566997e41af8a031730de94258ef838dcb1ac4f4fff6f4aead40
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1fe04642ad8a2eb062ab48bc3b1b7a0909bd0d64c6475862ac610db9ed6fe267
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 59E0E532130226A6D639AE669C0CB9A3649AB427F2F151132BC14A3490CB71DD2586E8
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,002F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00224F6D
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
APIs
• IsWindow.USER32(00000000), ref: 002B2A66
Similarity
• API ID: Window
• String ID:
• API String ID: 2353593579-0
APIs
• Shell_NotifyIconW.SHELL32(00000002,?), ref: 0022314E
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
APIs
• GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00222DC4
  • Part of subcall function 00226B57: _wcslen.LIBCMT ref: 00226B6A
Similarity
• API ID: LongNamePath_wcslen
• String ID:
• API String ID: 541455249-0
APIs
  • Part of subcall function 00223837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00223908
  • Part of subcall function 0022D730: GetInputState.USER32 ref: 0022D807
• SetCurrentDirectoryW.KERNEL32(?), ref: 00222B6B
  • Part of subcall function 002230F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0022314E
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: IconNotifyShell_$CurrentDirectoryInputState
• String ID:
• API String ID: 3667716007-0
APIs
• CreateFileW.KERNELBASE(00000000,00000000,?,00260704,?,?,00000000,?,00260704,00000000,0000000C), ref: 002603B7
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00221CBC
Similarity
• API ID: InfoParametersSystem
• String ID:
• API String ID: 3098949447-0
APIs
  • Part of subcall function 00239BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00239BB2
• DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 002B961A
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 002B965B
• GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 002B969F
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 002B96C9
• SendMessageW.USER32 ref: 002B96F2
• GetKeyState.USER32(00000011), ref: 002B978B
• GetKeyState.USER32(00000009), ref: 002B9798
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 002B97AE
• GetKeyState.USER32(00000010), ref: 002B97B8
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 002B97E9
• SendMessageW.USER32 ref: 002B9810
• SendMessageW.USER32(?,00001030,?,002B7E95), ref: 002B9918
• ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 002B992E
• ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 002B9941
• SetCapture.USER32(?), ref: 002B994A
• ClientToScreen.USER32(?,?), ref: 002B99AF
• ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 002B99BC
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 002B99D6
• ReleaseCapture.USER32 ref: 002B99E1
• GetCursorPos.USER32(?), ref: 002B9A19
• ScreenToClient.USER32(?,?), ref: 002B9A26
• SendMessageW.USER32(?,00001012,00000000,?), ref: 002B9A80
• SendMessageW.USER32 ref: 002B9AAE
• SendMessageW.USER32(?,00001111,00000000,?), ref: 002B9AEB
• SendMessageW.USER32 ref: 002B9B1A
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 002B9B3B
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000110B,00000009,?), ref: 002B9B4A
                                                                                                                                                                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 002B9B68
                                                                                                                                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 002B9B75
                                                                                                                                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 002B9B93
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001012,00000000,?), ref: 002B9BFA
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32 ref: 002B9C2B
                                                                                                                                                                                                                                                                                                                                                              • ClientToScreen.USER32(?,?), ref: 002B9C84
                                                                                                                                                                                                                                                                                                                                                              • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 002B9CB4
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 002B9CDE
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32 ref: 002B9D01
                                                                                                                                                                                                                                                                                                                                                              • ClientToScreen.USER32(?,?), ref: 002B9D4E
                                                                                                                                                                                                                                                                                                                                                              • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 002B9D82
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00239944: GetWindowLongW.USER32(?,000000EB), ref: 00239952
                                                                                                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 002B9E05
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                                                                                                                              • String ID: @GUI_DRAGID$F$p#/
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3429851547-1087944916
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: f4c8880f058194889eab73c46b3999dbcf0e0ef6a08564ac21187017b8a440b4
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: e80c331d55913dfa8a9a2688d1842a7dc27cea9b5d8d73ff99ed2f42a1aff7bd
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f4c8880f058194889eab73c46b3999dbcf0e0ef6a08564ac21187017b8a440b4
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A429E70624242AFD724CF24DC48EEABBE9FF89390F144619F695872A1D771E8A0CF51
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 002B48F3
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 002B4908
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 002B4927
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 002B494B
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 002B495C
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 002B497B
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 002B49AE
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 002B49D4
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 002B4A0F
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 002B4A56
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 002B4A7E
                                                                                                                                                                                                                                                                                                                                                              • IsMenu.USER32(?), ref: 002B4A97
                                                                                                                                                                                                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 002B4AF2
                                                                                                                                                                                                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 002B4B20
                                                                                                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 002B4B94
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 002B4BE3
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 002B4C82
                                                                                                                                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 002B4CAE
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 002B4CC9
                                                                                                                                                                                                                                                                                                                                                              • GetWindowTextW.USER32(?,00000000,00000001), ref: 002B4CF1
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 002B4D13
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 002B4D33
                                                                                                                                                                                                                                                                                                                                                              • GetWindowTextW.USER32(?,00000000,00000001), ref: 002B4D5A
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                                                                                                                                                                                                                                                                              • String ID: %d/%02d/%02d
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4054740463-328681919
APIs
• GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0023F998
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0027F474
• IsIconic.USER32(00000000), ref: 0027F47D
• ShowWindow.USER32(00000000,00000009), ref: 0027F48A
• SetForegroundWindow.USER32(00000000), ref: 0027F494
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0027F4AA
• GetCurrentThreadId.KERNEL32 ref: 0027F4B1
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0027F4BD
• AttachThreadInput.USER32(?,00000000,00000001), ref: 0027F4CE
• AttachThreadInput.USER32(?,00000000,00000001), ref: 0027F4D6
• AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0027F4DE
• SetForegroundWindow.USER32(00000000), ref: 0027F4E1
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0027F4F6
• keybd_event.USER32(00000012,00000000), ref: 0027F501
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0027F50B
• keybd_event.USER32(00000012,00000000), ref: 0027F510
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0027F519
• keybd_event.USER32(00000012,00000000), ref: 0027F51E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0027F528
• keybd_event.USER32(00000012,00000000), ref: 0027F52D
• SetForegroundWindow.USER32(00000000), ref: 0027F530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 0027F557
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
• API String ID: 4125248594-2988720461
APIs
  • Part of subcall function 002816C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0028170D
  • Part of subcall function 002816C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0028173A
  • Part of subcall function 002816C3: GetLastError.KERNEL32 ref: 0028174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00281286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 002812A8
• CloseHandle.KERNEL32(?), ref: 002812B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 002812D1
• GetProcessWindowStation.USER32 ref: 002812EA
• SetProcessWindowStation.USER32(00000000), ref: 002812F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00281310
  • Part of subcall function 002810BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,002811FC), ref: 002810D4
  • Part of subcall function 002810BF: CloseHandle.KERNEL32(?,?,002811FC), ref: 002810E9
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
• String ID: $default$winsta0$Z.
• API String ID: 22674027-790370899
APIs
  • Part of subcall function 002810F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00281114
  • Part of subcall function 002810F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00280B9B,?,?,?), ref: 00281120
  • Part of subcall function 002810F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00280B9B,?,?,?), ref: 0028112F
  • Part of subcall function 002810F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00280B9B,?,?,?), ref: 00281136
  • Part of subcall function 002810F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0028114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00280BCC
                                                                                                                                                                                                                                                                                                                                                              • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00280C00
                                                                                                                                                                                                                                                                                                                                                              • GetLengthSid.ADVAPI32(?), ref: 00280C17
                                                                                                                                                                                                                                                                                                                                                              • GetAce.ADVAPI32(?,00000000,?), ref: 00280C51
                                                                                                                                                                                                                                                                                                                                                              • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00280C6D
                                                                                                                                                                                                                                                                                                                                                              • GetLengthSid.ADVAPI32(?), ref: 00280C84
                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00280C8C
                                                                                                                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00280C93
                                                                                                                                                                                                                                                                                                                                                              • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00280CB4
                                                                                                                                                                                                                                                                                                                                                              • CopySid.ADVAPI32(00000000), ref: 00280CBB
                                                                                                                                                                                                                                                                                                                                                              • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00280CEA
                                                                                                                                                                                                                                                                                                                                                              • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00280D0C
                                                                                                                                                                                                                                                                                                                                                              • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00280D1E
                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00280D45
                                                                                                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00280D4C
                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00280D55
                                                                                                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00280D5C
                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00280D65
                                                                                                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00280D6C
                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 00280D78
                                                                                                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00280D7F
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00281193: GetProcessHeap.KERNEL32(00000008,00280BB1,?,00000000,?,00280BB1,?), ref: 002811A1
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00281193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00280BB1,?), ref: 002811A8
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00281193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00280BB1,?), ref: 002811B7
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2289e66ccac996b2d05f82464bf396ddba7bb8a24d3aa14fceaa5ff877407593
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d1438f28c820329bb0248147aa1db0f2cc83e1a4cdb015405991fe96a65195e7
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2289e66ccac996b2d05f82464bf396ddba7bb8a24d3aa14fceaa5ff877407593
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7F715C7691120AAFDF50EFA4EC88FAEBBB8FF04310F144625F914A7191D771A919CB60
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • OpenClipboard.USER32(002BCC08), ref: 0029EB29
                                                                                                                                                                                                                                                                                                                                                              • IsClipboardFormatAvailable.USER32(0000000D), ref: 0029EB37
                                                                                                                                                                                                                                                                                                                                                              • GetClipboardData.USER32(0000000D), ref: 0029EB43
                                                                                                                                                                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 0029EB4F
                                                                                                                                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 0029EB87
                                                                                                                                                                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 0029EB91
                                                                                                                                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0029EBBC
                                                                                                                                                                                                                                                                                                                                                              • IsClipboardFormatAvailable.USER32(00000001), ref: 0029EBC9
                                                                                                                                                                                                                                                                                                                                                              • GetClipboardData.USER32(00000001), ref: 0029EBD1
                                                                                                                                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 0029EBE2
                                                                                                                                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0029EC22
                                                                                                                                                                                                                                                                                                                                                              • IsClipboardFormatAvailable.USER32(0000000F), ref: 0029EC38
                                                                                                                                                                                                                                                                                                                                                              • GetClipboardData.USER32(0000000F), ref: 0029EC44
                                                                                                                                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 0029EC55
                                                                                                                                                                                                                                                                                                                                                              • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0029EC77
                                                                                                                                                                                                                                                                                                                                                              • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0029EC94
                                                                                                                                                                                                                                                                                                                                                              • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0029ECD2
                                                                                                                                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0029ECF3
                                                                                                                                                                                                                                                                                                                                                              • CountClipboardFormats.USER32 ref: 0029ED14
                                                                                                                                                                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 0029ED59
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
• String ID:
• API String ID: 420908878-0
• Opcode ID: 1940ae59952a193b9a7f396e75e18db5f661758837b0edea607b1eb56a05afe2
• Instruction ID: 918c19a6987b4b0401f6eb15b87b61a4fa4e717beb5920254777ce8995ccb276
• Opcode Fuzzy Hash: 1940ae59952a193b9a7f396e75e18db5f661758837b0edea607b1eb56a05afe2
• Instruction Fuzzy Hash: 41610174214302AFDB00EF64E898F2A77A8FF84714F15461DF856872A2DB30DD55CB62
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 002969BE
• FindClose.KERNEL32(00000000), ref: 00296A12
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00296A4E
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00296A75
  • Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00296AB2
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00296ADF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
• String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
• API String ID: 3830820486-3289030164
• Opcode ID: 23d7944b8b35bc714179e8b38da403078a14ba5962c161d2e92fd530467eac3f
• Instruction ID: 684603884a71edcd406ea00e4ddbe37a9c06f5ffdf4388729300b17eee04e646
• Opcode Fuzzy Hash: 23d7944b8b35bc714179e8b38da403078a14ba5962c161d2e92fd530467eac3f
• Instruction Fuzzy Hash: BED18EB2518310AEC700EFA0D995EAFB7ECAF88704F44491EF585D6191EB34DA58CB62
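The entry above pairs FindFirstFileW (which fills a WIN32_FIND_DATA with two-DWORD FILETIME values) with FileTimeToLocalFileTime, FileTimeToSystemTime and the format strings %4d%02d%02d%02d%02d%02d and %4d%02d%02d%02d%02d%02d%03d, so the function renders a file timestamp as YYYYMMDDHHMMSS with an optional millisecond suffix. The Python below is an added example, not code from the Joe Sandbox report or from the analysed sample: it reproduces that rendering from a raw FILETIME so an analyst can recognise such strings in logs or memory. It deliberately stays in UTC (the sample applies the local-time conversion first), and the helper names and the test values are this example's own.

```python
"""Render a Windows FILETIME the way the function above formats it.

Added example, not code from the Joe Sandbox report or the analysed sample.
The function chains FileTimeToLocalFileTime -> FileTimeToSystemTime and then
prints "%4d%02d%02d%02d%02d%02d" (optionally with "%03d" for milliseconds).
This helper stays in UTC, i.e. it skips the local-time step; names are its own.
"""
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME tick zero


def filetime_from_dwords(low: int, high: int) -> int:
    """Join the dwLowDateTime / dwHighDateTime pair as laid out in WIN32_FIND_DATA."""
    return ((high & 0xFFFFFFFF) << 32) | (low & 0xFFFFFFFF)


def filetime_to_stamp(filetime: int, with_millis: bool = False) -> str:
    """FILETIME (100 ns ticks since 1601-01-01 UTC) -> YYYYMMDDHHMMSS[mmm]."""
    if not 0 <= filetime < (1 << 64):
        raise ValueError("FILETIME is an unsigned 64-bit tick count")
    # FileTimeToSystemTime reports milliseconds; keeping microseconds here and
    # cutting only the %03d field yields the same digits.
    t = FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
    stamp = f"{t.year:4d}{t.month:02d}{t.day:02d}{t.hour:02d}{t.minute:02d}{t.second:02d}"
    if with_millis:
        stamp += f"{t.microsecond // 1000:03d}"
    return stamp
```

The Unix epoch (FILETIME 0x019DB1DED53E8000) is a convenient sanity value: filetime_to_stamp(filetime_from_dwords(0xD53E8000, 0x019DB1DE)) returns "19700101000000".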
APIs
• FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 00299663
• GetFileAttributesW.KERNEL32(?), ref: 002996A1
• SetFileAttributesW.KERNEL32(?,?), ref: 002996BB
• FindNextFileW.KERNEL32(00000000,?), ref: 002996D3
• FindClose.KERNEL32(00000000), ref: 002996DE
• FindFirstFileW.KERNEL32(*.*,?), ref: 002996FA
• SetCurrentDirectoryW.KERNEL32(?), ref: 0029974A
• SetCurrentDirectoryW.KERNEL32(002E6B7C), ref: 00299768
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00299772
• FindClose.KERNEL32(00000000), ref: 0029977F
• FindClose.KERNEL32(00000000), ref: 0029978F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
• String ID: *.*
• API String ID: 1409584000-438819550
• Opcode ID: 265b289bc08edc55e1356f367dc7ef3aeb235d2cd3356578008ef2bbce5a01e7
• Instruction ID: 5415249e5756edbcbffc2a87ab0997698baa0b5c508427e046200626c22ae6ea
• Opcode Fuzzy Hash: 265b289bc08edc55e1356f367dc7ef3aeb235d2cd3356578008ef2bbce5a01e7
• Instruction Fuzzy Hash: A631C37256021A6BDF14EFF9EC4CADE77AC9F49370F14425AF805E2190DB71D9A08E20
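The API lists in the entry above and in the one that follows only become meaningful when read as a sequence: FindFirstFileW on "*.*", SetCurrentDirectoryW into each match, FindNextFileW, FindClose, which is the enumerate-then-recurse loop of a directory walker, in one case combined with SetFileAttributesW and in the other with a subcall that opens files with GENERIC_WRITE (0x40000000) and FILE_FLAG_BACKUP_SEMANTICS (inside 0x02000080). The Python below is an added example, not Joe Sandbox code and not the sample's own: it parses entries in this report layout into per-function call lists and runs a few hand-written rules over them. SAMPLE is copied from those two entries (duplicate call sites dropped); the rule wording, the label taken from the first direct call site, and the parse_entries/triage helpers are this example's assumptions, not report fields.

```python
"""Triage Joe Sandbox function entries by their API call chains.

Added example, not part of the Joe Sandbox report or the analysed sample.
SAMPLE is copied from the two directory-walking entries in this section
(duplicate call sites dropped); rule names and helpers are this example's own.
"""
import re
from dataclasses import dataclass, field

SAMPLE = """\
APIs
• FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 00299663
• GetFileAttributesW.KERNEL32(?), ref: 002996A1
• SetFileAttributesW.KERNEL32(?,?), ref: 002996BB
• FindNextFileW.KERNEL32(00000000,?), ref: 002996D3
• FindClose.KERNEL32(00000000), ref: 002996DE
• FindFirstFileW.KERNEL32(*.*,?), ref: 002996FA
• SetCurrentDirectoryW.KERNEL32(?), ref: 0029974A
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00299772
• FindClose.KERNEL32(00000000), ref: 0029977F
Strings
APIs
• FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 002997BE
• FindNextFileW.KERNEL32(00000000,?), ref: 00299819
• FindClose.KERNEL32(00000000), ref: 00299824
• FindFirstFileW.KERNEL32(*.*,?), ref: 00299840
• SetCurrentDirectoryW.KERNEL32(?), ref: 00299890
• FindNextFileW.KERNEL32(00000000,00000010), ref: 002998B8
• FindClose.KERNEL32(00000000), ref: 002998C5
  • Part of subcall function 0028DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0028DB00
Strings
"""

# Api.Module(args), ref: address; the argument list is optional because CRT
# entries such as "_wcslen.LIBCMT ref: ..." are printed without one.
CALL_RE = re.compile(r"(\w+)\.(\w+)(?:\(([^)]*)\))?,? ref: ([0-9A-Fa-f]{8})")
SUBCALL_RE = re.compile(r"Part of subcall function ([0-9A-Fa-f]{8}):")
GENERIC_WRITE = 0x40000000               # CreateFileW dwDesiredAccess bit
FILE_FLAG_BACKUP_SEMANTICS = 0x02000000  # lets CreateFileW open a directory


@dataclass
class Call:
    api: str
    args: list
    ref: str
    subfn: str = ""  # callee address when the line reads "Part of subcall"


@dataclass
class FunctionEntry:
    calls: list = field(default_factory=list)

    @property
    def label(self) -> str:
        """First direct call site; the report's function address is not in the list."""
        return next((c.ref for c in self.calls if not c.subfn), "?")

    def direct_apis(self) -> set:
        return {c.api for c in self.calls if not c.subfn}


def parse_entries(text: str) -> list:
    """One FunctionEntry per 'APIs' header; lines that are not calls are skipped."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line == "APIs":
            current = FunctionEntry()
            entries.append(current)
            continue
        match = CALL_RE.search(line)
        if current is None or not match:
            continue
        api, _module, args, ref = match.groups()
        sub = SUBCALL_RE.search(line)
        current.calls.append(Call(api, args.split(",") if args else [], ref,
                                  sub.group(1) if sub else ""))
    return entries


def triage(entry: FunctionEntry) -> list:
    """Hand-written rules over the call chain; returns readable findings."""
    findings, apis = [], entry.direct_apis()
    # FindFirstFileW("*.*") + SetCurrentDirectoryW + FindNextFileW is the
    # enumerate-then-recurse loop of a directory walker.
    wildcard = any(c.api == "FindFirstFileW" and c.args[:1] == ["*.*"]
                   for c in entry.calls if not c.subfn)
    if wildcard and {"FindNextFileW", "SetCurrentDirectoryW"} <= apis:
        findings.append("recursive directory walk")
    if "SetFileAttributesW" in apis:
        findings.append("modifies file attributes")
    for c in entry.calls:
        # CreateFileW(name, dwDesiredAccess, share, sec, disposition, dwFlagsAndAttributes, template)
        if c.api == "CreateFileW" and len(c.args) >= 6 and c.args[1] != "?":
            access, flags = int(c.args[1], 16), int(c.args[5], 16)
            if access & GENERIC_WRITE:
                where = f"via subcall {c.subfn}" if c.subfn else "directly"
                findings.append(f"opens files for write {where}")
            if flags & FILE_FLAG_BACKUP_SEMANTICS:
                findings.append("can open directory handles (FILE_FLAG_BACKUP_SEMANTICS)")
    return findings
```

Run over SAMPLE, the first entry (labelled by its first call site 00299663) is flagged as a recursive directory walk that modifies file attributes; the second (002997BE) as a recursive walk whose subcall 0028DAE5 opens files for write and can take directory handles. Arguments the report prints as "?" are unknown at analysis time, so the CreateFileW rule only fires when the access mask was actually recovered.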
APIs
• FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 002997BE
• FindNextFileW.KERNEL32(00000000,?), ref: 00299819
• FindClose.KERNEL32(00000000), ref: 00299824
• FindFirstFileW.KERNEL32(*.*,?), ref: 00299840
• SetCurrentDirectoryW.KERNEL32(?), ref: 00299890
• SetCurrentDirectoryW.KERNEL32(002E6B7C), ref: 002998AE
• FindNextFileW.KERNEL32(00000000,00000010), ref: 002998B8
• FindClose.KERNEL32(00000000), ref: 002998C5
• FindClose.KERNEL32(00000000), ref: 002998D5
  • Part of subcall function 0028DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0028DB00
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                                                                                                              • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 61c89ec453778d6ff5ce1443c7c3a3e2d43f4c2bc25a054e7b39ff04f954b224
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c33b2b8569d7463b8066fadaae5f331b6176cbf54d814f5bec746666f2d0932d
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 61c89ec453778d6ff5ce1443c7c3a3e2d43f4c2bc25a054e7b39ff04f954b224
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E831D43156121A6FDF14EFB9EC48ADE77ACAF06370F24425EE850A2191DB70DDA4CE20
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 002AC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,002AB6AE,?,?), ref: 002AC9B5
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 002AC998: _wcslen.LIBCMT ref: 002AC9F1
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 002AC998: _wcslen.LIBCMT ref: 002ACA68
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 002AC998: _wcslen.LIBCMT ref: 002ACA9E
                                                                                                                                                                                                                                                                                                                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 002ABF3E
                                                                                                                                                                                                                                                                                                                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 002ABFA9
                                                                                                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 002ABFCD
                                                                                                                                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 002AC02C
                                                                                                                                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 002AC0E7
                                                                                                                                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 002AC154
                                                                                                                                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 002AC1E9
                                                                                                                                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 002AC23A
                                                                                                                                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 002AC2E3
                                                                                                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,00000000), ref: 002AC382
                                                                                                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 002AC38F
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3102970594-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 17c282895f7c1e739011b68c1bd71aeca7a2fff17e31c23dc5ad43c02c47e50f
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 73a5d3cd94d39e28756958913fda96e7c6945ab76aa90f8e9f89c7abdf14b8ae
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 17c282895f7c1e739011b68c1bd71aeca7a2fff17e31c23dc5ad43c02c47e50f
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22025C71614201AFC714DF28C895E2ABBE5EF89318F18849DF84ADB2A2DB31EC55CF51
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetLocalTime.KERNEL32(?), ref: 00298257
                                                                                                                                                                                                                                                                                                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00298267
                                                                                                                                                                                                                                                                                                                                                              • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00298273
                                                                                                                                                                                                                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00298310
                                                                                                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00298324
                                                                                                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00298356
                                                                                                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0029838C
                                                                                                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00298395
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                                                                                                                                                              • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1464919966-438819550
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5490b1faec2863460e3fe0fdc0908af7647b456fa68d9aa6f179a387d1b17c02
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d51cb6f153cd8930b9bff3c6890a286645d52351c51b1c05614aef4f130ef6e1
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5490b1faec2863460e3fe0fdc0908af7647b456fa68d9aa6f179a387d1b17c02
• Instruction Fuzzy Hash: 60618C71524345AFCB10EF60D8449AEB3E8FF89310F18496EF98987251DB31E965CF92
APIs
  • Part of subcall function 00223AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00223A97,?,?,00222E7F,?,?,?,00000000), ref: 00223AC2
  • Part of subcall function 0028E199: GetFileAttributesW.KERNEL32(?,0028CF95), ref: 0028E19A
• FindFirstFileW.KERNEL32(?,?), ref: 0028D122
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0028D1DD
• MoveFileW.KERNEL32(?,?), ref: 0028D1F0
• DeleteFileW.KERNEL32(?,?,?,?), ref: 0028D20D
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0028D237
  • Part of subcall function 0028D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0028D21C,?,?), ref: 0028D2B2
• FindClose.KERNEL32(00000000,?,?,?), ref: 0028D253
• FindClose.KERNEL32(00000000), ref: 0028D264
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
• String ID: \*.*
• API String ID: 1946585618-1173974218
• Opcode ID: 4bf78ea46a20402494292a2d546042a42de2ca0ec5efde198be57f0a613897f4
• Instruction ID: df4269248a2c4242712ca64cdd4068304c2995d7858783f0d3e6b4b250a70d80
• Opcode Fuzzy Hash: 4bf78ea46a20402494292a2d546042a42de2ca0ec5efde198be57f0a613897f4
• Instruction Fuzzy Hash: 8B61573582211DAACF05FBE0E9929EDB7B5AF14300F644165E802771D6EB306F69CF61
APIs
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
• Opcode ID: 063ebb523113cb4fe7d69d3f5398cd89c2c62f23ddaff34f2d7c3e36ecc6095e
• Instruction ID: d7f268b891c7376a36601dec5f63845b3d5378079e739891bb5fdb59ab7f96bc
• Opcode Fuzzy Hash: 063ebb523113cb4fe7d69d3f5398cd89c2c62f23ddaff34f2d7c3e36ecc6095e
• Instruction Fuzzy Hash: 8B41DF31614612AFEB20DF15E88CF19BBE5FF44328F25C199E8558BA62C735EC51CB90
APIs
  • Part of subcall function 002816C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0028170D
  • Part of subcall function 002816C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0028173A
  • Part of subcall function 002816C3: GetLastError.KERNEL32 ref: 0028174A
• ExitWindowsEx.USER32(?,00000000), ref: 0028E932
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $ $@$SeShutdownPrivilege
• API String ID: 2234035333-3163812486
• Opcode ID: 047524d10548e46c9610ced8a611841e2fcc0b503cd0b1d830bfb0c415a3fbb1
• Instruction ID: 6a7222d19c3c7c33dffeb2fb3c35b6b0294bcd95b9ef17fcae154ca30892afeb
• Opcode Fuzzy Hash: 047524d10548e46c9610ced8a611841e2fcc0b503cd0b1d830bfb0c415a3fbb1
• Instruction Fuzzy Hash: 2701FE76632211ABEF643674AC89FBF725C9714750F164521FC13E31D3D6E05C6087A0
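The records above are raw per-function call lists, and the interesting finding is never a single API but the chain: a directory walk (FindFirstFileW/FindNextFileW) followed by DeleteFileW/MoveFileW, or LookupPrivilegeValueW and AdjustTokenPrivileges in a helper followed by ExitWindowsEx, corroborated by the SeShutdownPrivilege string. The following is an added example, not part of the Joe Sandbox report and not Joe Sandbox's own tooling: it parses records in this layout (an "APIs" header starting each function, bullet lines with "ref:", and the "String ID" line of the Similarity section) and flags those chains. The rule set goes beyond the two functions just described by also including a socket/bind/listen rule and a clipboard rule as general capability rules. The regular expressions, the rule names and the sample input are my own assumptions; the sample is constructed from lines of this report with the layout indentation removed.

```python
"""Parse the per-function 'APIs' records that Joe Sandbox's IDA plugin emits
and flag API chains that together amount to a capability.  Added example, not
part of the Joe Sandbox report; SAMPLE_REPORT is constructed from records on
this page with the layout indentation removed."""
import re
from dataclasses import dataclass, field

# Matches "• FindFirstFileW.KERNEL32(?,?), ref: 0028D122" and the subcall form
# "  • Part of subcall function 002816C3: GetLastError.KERNEL32 ref: 0028174A"
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
STRING_LINE = re.compile(r"^\s*•\s*String ID:\s*(?P<ids>.*)$")


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)     # (api, module, ref, subcall or None)
    strings: list = field(default_factory=list)  # tokens of the "String ID" line

    def api_names(self):
        # Subcall APIs count: the shutdown chain lives partly in helper 002816C3.
        return {normalize(api) for api, _, _, _ in self.apis}


def normalize(api):
    """Drop a trailing A/W so DeleteFileW and DeleteFileA satisfy one rule."""
    if len(api) > 1 and api[-1] in "AW" and api[-2].islower():
        return api[:-1]
    return api


def parse_report(text):
    """Split the dump into records; each 'APIs' header starts a new function."""
    records, current = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = FunctionRecord()
            records.append(current)
            continue
        if current is None:
            continue
        if m := API_LINE.match(line):
            current.apis.append((m["api"], m["mod"], m["ref"], m["sub"]))
        elif m := STRING_LINE.match(line):
            # Joe Sandbox joins the strings with '$'; drop blank tokens.
            current.strings.extend(t for t in m["ids"].split("$") if t.strip())
    return records


# capability -> (all of these APIs, at least one of these, corroborating string)
RULES = {
    "enumerate_then_delete_or_move_files":
        ({"FindFirstFile", "FindNextFile"}, {"DeleteFile", "MoveFile"}, None),
    "shutdown_or_reboot_with_privilege":
        ({"AdjustTokenPrivileges", "ExitWindowsEx"}, set(), "SeShutdownPrivilege"),
    "listening_socket":
        ({"socket", "bind", "listen"}, set(), None),
    "clipboard_access":
        (set(), {"OpenClipboard", "GetClipboardData", "SetClipboardData"}, None),
}


def classify(record):
    """Return the capabilities one record satisfies, with the APIs as evidence."""
    names = record.api_names()
    hits = []
    for capability, (required, any_of, corroboration) in RULES.items():
        if not required <= names or (any_of and not any_of & names):
            continue
        hits.append({
            "capability": capability,
            "evidence": sorted(names & (required | any_of)),
            # True when the rule needs no string or the string was found
            "corroborated": corroboration is None or corroboration in record.strings,
        })
    return hits


def scan(text):
    """Parse a dump and return [(record index, hits)] for records that matched."""
    results = []
    for i, record in enumerate(parse_report(text)):
        hits = classify(record)
        if hits:
            results.append((i, hits))
    return results


SAMPLE_REPORT = """\
APIs
  • Part of subcall function 00223AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00223A97,?,?,00222E7F,?,?,?,00000000), ref: 00223AC2
• FindFirstFileW.KERNEL32(?,?), ref: 0028D122
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0028D1DD
• MoveFileW.KERNEL32(?,?), ref: 0028D1F0
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0028D237
• FindClose.KERNEL32(00000000), ref: 0028D264
Strings
Similarity
• String ID: \\*.*
APIs
  • Part of subcall function 002816C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0028170D
  • Part of subcall function 002816C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0028173A
  • Part of subcall function 002816C3: GetLastError.KERNEL32 ref: 0028174A
• ExitWindowsEx.USER32(?,00000000), ref: 0028E932
Similarity
• String ID: $ $@$SeShutdownPrivilege
APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 002A1276
• WSAGetLastError.WSOCK32 ref: 002A1283
• bind.WSOCK32(00000000,?,00000010), ref: 002A12BA
• listen.WSOCK32(00000000,00000005), ref: 002A1303
"""

if __name__ == "__main__":
    for index, hits in scan(SAMPLE_REPORT):
        for hit in hits:
            print(index, hit["capability"], hit["evidence"], hit["corroborated"])
```

Two design choices matter for triage. Subcall APIs are folded into the calling function's record, because the privilege adjustment and the ExitWindowsEx call are split across a helper and its caller and only match as a chain when merged. The "String ID" tokens are kept per record so a rule can demand corroboration such as SeShutdownPrivilege; a record that adjusts privileges and calls ExitWindowsEx without that string still matches but is reported as uncorroborated.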
APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 002A1276
• WSAGetLastError.WSOCK32 ref: 002A1283
• bind.WSOCK32(00000000,?,00000010), ref: 002A12BA
• WSAGetLastError.WSOCK32 ref: 002A12C5
• closesocket.WSOCK32(00000000), ref: 002A12F4
• listen.WSOCK32(00000000,00000005), ref: 002A1303
• WSAGetLastError.WSOCK32 ref: 002A130D
• closesocket.WSOCK32(00000000), ref: 002A133C
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 540024437-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: c79b03143effcc63d8b3cbbdf5a2d904fd432b8be0a867f832227367d0051241
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: cd023e2ac2e53356828f868d3896f975d42dcb971bca7cb277021615ee820bb1
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c79b03143effcc63d8b3cbbdf5a2d904fd432b8be0a867f832227367d0051241
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0F41B631610111AFD710DF64D488B29BBE5BF46328F288188E8569F3D6CB71EC91CBE1
APIs
• _free.LIBCMT ref: 0025B9D4
• _free.LIBCMT ref: 0025B9F8
• _free.LIBCMT ref: 0025BB7F
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,002C3700), ref: 0025BB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,002F121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0025BC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,002F1270,000000FF,?,0000003F,00000000,?), ref: 0025BC36
• _free.LIBCMT ref: 0025BD4B
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: _free$ByteCharMultiWide$InformationTimeZone
• String ID:
• API String ID: 314583886-0
• Opcode ID: 688d1541d6d24867ae5ab3f7c66b571609bb5b5532c7004b5b22ec981ea5bc9d
• Instruction ID: e3b1a625d040d47f132730fcdc4492615540dc0143e52a5c1d30b26d0d1caba9
• Opcode Fuzzy Hash: 688d1541d6d24867ae5ab3f7c66b571609bb5b5532c7004b5b22ec981ea5bc9d
• Instruction Fuzzy Hash: B8C14B71920205EFCB12DF789C45BB9BBB8EF41352F1441AAEC90D7291E7708D69CB58

APIs
  • Part of subcall function 00223AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00223A97,?,?,00222E7F,?,?,?,00000000), ref: 00223AC2
  • Part of subcall function 0028E199: GetFileAttributesW.KERNEL32(?,0028CF95), ref: 0028E19A
• FindFirstFileW.KERNEL32(?,?), ref: 0028D420
• DeleteFileW.KERNEL32(?,?,?,?), ref: 0028D470
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0028D481
• FindClose.KERNEL32(00000000), ref: 0028D498
• FindClose.KERNEL32(00000000), ref: 0028D4A1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
• String ID: \*.*
• API String ID: 2649000838-1173974218
• Opcode ID: c676a44ff05b9f0263631c4411d2caac1bc594c0fe2f3c8b75a44eb6c031c93a
• Instruction ID: 48671aff44d2ab16af223f0c51691db7f9ac58e3b31435424e480f52203aaee0
• Opcode Fuzzy Hash: c676a44ff05b9f0263631c4411d2caac1bc594c0fe2f3c8b75a44eb6c031c93a
• Instruction Fuzzy Hash: 53317031029395ABC304FFA4E8558AF77A8BE91310F844A1DF4D1521D1EB30AA2DCB63

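The two "APIs" lists above (the CRT time-zone routine, and the `\*.*` loop that walks a directory with FindFirstFileW/FindNextFileW and calls DeleteFileW on each entry) each carry an "API ID" under Similarity. The script below is an added example, not part of the Joe Sandbox report and not Joe Sandbox's own code: it parses those call lines into structured records and recomputes the API ID from them. The derivation it uses is inferred from the IDs printed on this page, not taken from vendor documentation: the trailing A/W suffix is stripped, each name is split into CamelCase tokens, tokens are counted across the routine's calls, groups are emitted most-frequent first separated by `$`, alphabetical inside a group, and the tokens `Get`, `To` and `WSA` (which never appear in the page's IDs) are dropped. That stop-word set is an assumption. The input text is copied from the two blocks above.

```python
import re
from collections import Counter

# Constructed input: the two "APIs" lists copied from this report.
# Page API ID: _free$ByteCharMultiWide$InformationTimeZone
TZ_APIS = """\
• _free.LIBCMT ref: 0025B9D4
• _free.LIBCMT ref: 0025B9F8
• _free.LIBCMT ref: 0025BB7F
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,002C3700), ref: 0025BB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,002F121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0025BC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,002F1270,000000FF,?,0000003F,00000000,?), ref: 0025BC36
• _free.LIBCMT ref: 0025BD4B
"""

# Page API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
DIR_WIPE_APIS = """\
  • Part of subcall function 00223AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00223A97,?,?,00222E7F,?,?,?,00000000), ref: 00223AC2
  • Part of subcall function 0028E199: GetFileAttributesW.KERNEL32(?,0028CF95), ref: 0028E19A
• FindFirstFileW.KERNEL32(?,?), ref: 0028D420
• DeleteFileW.KERNEL32(?,?,?,?), ref: 0028D470
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0028D481
• FindClose.KERNEL32(00000000), ref: 0028D498
• FindClose.KERNEL32(00000000), ref: 0028D4A1
"""

# One report line: optional "Part of subcall function XXXX:" prefix,
# name.MODULE, optional "(args)", then "ref: ADDR".
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+): )?"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$"
)

def parse_api_block(text):
    """Turn one 'APIs' list into dicts with name, module, args, ref, subcall."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue  # headings such as 'APIs' or 'Strings' are skipped
        args = m.group("args")
        calls.append({
            "name": m.group("name"),
            "module": m.group("module"),
            "args": args.split(",") if args else [],
            "ref": m.group("ref"),
            "subcall": m.group("sub"),  # None for a direct call
        })
    return calls

# CamelCase splitter: a run of capitals (WSA), a Capitalised word, or a
# lowercase / CRT-style name such as closesocket or _free.
WORD = re.compile(r"[A-Z]+(?![a-z])|[A-Z][a-z0-9]*|[a-z0-9_]+")
# Assumption (inferred, not documented): these tokens are dropped from the ID.
STOP_WORDS = {"Get", "To", "WSA"}

def api_words(name):
    """Strip the A/W suffix and split an API name into its ID tokens."""
    if len(name) > 1 and name[-1] in "AW" and name[-2].islower():
        name = name[:-1]
    return [w for w in WORD.findall(name) if w not in STOP_WORDS]

def api_id(calls):
    """Recompute the API ID: tokens grouped by how many calls use them,
    most frequent group first, '$' between groups, alphabetical within."""
    counts = Counter(w for c in calls for w in api_words(c["name"]))
    by_freq = {}
    for word, n in counts.items():
        by_freq.setdefault(n, []).append(word)
    return "$".join("".join(sorted(by_freq[n]))
                    for n in sorted(by_freq, reverse=True))

def modules_used(calls):
    """Import libraries a routine touches, e.g. ['KERNEL32', 'LIBCMT']."""
    return sorted({c["module"] for c in calls})

if __name__ == "__main__":
    for label, block in (("timezone", TZ_APIS), ("dir_wipe", DIR_WIPE_APIS)):
        calls = parse_api_block(block)
        print(label, len(calls), "calls", modules_used(calls), api_id(calls))
```

Recomputing the ID from the raw call list is what makes it useful in triage: two routines from different samples that share an API ID can be diffed by argument values and call order rather than by opcode hash alone, which is stable across recompiles of the same AutoIt runtime function but changes with every build.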
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: __floor_pentium4
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 4168288129-2761157908
• Opcode ID: 8ce989eaee878754d2708c1ed1dab39e81260de07ef9c01363415f2799dd48b1
• Instruction ID: db503ba8da7fab2c04046fbd1c915d050550f6c6b6a9565edd99deebddec8a13
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8ce989eaee878754d2708c1ed1dab39e81260de07ef9c01363415f2799dd48b1
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0CC27E71D246298FDF68CE28CD407E9B3B5EB48306F1541EAD80DE7240E774AE998F44
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 002964DC
                                                                                                                                                                                                                                                                                                                                                              • CoInitialize.OLE32(00000000), ref: 00296639
                                                                                                                                                                                                                                                                                                                                                              • CoCreateInstance.OLE32(002BFCF8,00000000,00000001,002BFB68,?), ref: 00296650
                                                                                                                                                                                                                                                                                                                                                              • CoUninitialize.OLE32 ref: 002968D4
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                              • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0a9d12eaf138a0dcfab374f7f7cc4c02630a09ded08c78d8c0d1c75e3ec5ff49
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: f193e02145a160e06700ca821b1758b7e03de5cb443391cf7bff2c5001deabc8
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0a9d12eaf138a0dcfab374f7f7cc4c02630a09ded08c78d8c0d1c75e3ec5ff49
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 16D17A71528211AFC704EF64D885D6BB7E8FF98304F50492DF4858B2A1EB30ED59CB92
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetForegroundWindow.USER32(?,?,00000000), ref: 002A22E8
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0029E4EC: GetWindowRect.USER32(?,?), ref: 0029E504
                                                                                                                                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 002A2312
                                                                                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000), ref: 002A2319
                                                                                                                                                                                                                                                                                                                                                              • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 002A2355
                                                                                                                                                                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 002A2381
                                                                                                                                                                                                                                                                                                                                                              • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 002A23DF
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2387181109-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0bb0288958f155ff3a6de28f02e19fbdb5c4f7636a055e19f9fb7b453204af31
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 388c71e809132e38715e0a30b056689bb69048427ba294e6a9eaaa25e7026f76
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0bb0288958f155ff3a6de28f02e19fbdb5c4f7636a055e19f9fb7b453204af31
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 01310272505305AFDB20DF18DC09F5BB7A9FF86310F100A19F985A7181DB34E918CB92
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
                                                                                                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00299B78
                                                                                                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00299C8B
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00293874: GetInputState.USER32 ref: 002938CB
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00293874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00293966
                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00299BA8
                                                                                                                                                                                                                                                                                                                                                              • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00299C75
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
• String ID: *.*
• API String ID: 1972594611-438819550
• Opcode ID: 44bb47fb5490382482af1f6cb634931c60bfc1e21f0ff413141ecfef1974d706
• Instruction ID: b1bb70d8273d12d4d785d32d217155194fc3426acd8f718352eaf1ce4e878bee
• Opcode Fuzzy Hash: 44bb47fb5490382482af1f6cb634931c60bfc1e21f0ff413141ecfef1974d706
• Instruction Fuzzy Hash: F441847191021AAFCF14DFA8DC59AEE7BB8FF09310F24415AE805A2191DB309EA4CF60
APIs
  • Part of subcall function 00239BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00239BB2
• DefDlgProcW.USER32(?,?,?,?,?), ref: 00239A4E
• GetSysColor.USER32(0000000F), ref: 00239B23
• SetBkColor.GDI32(?,00000000), ref: 00239B36
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Color$LongProcWindow
• String ID:
• API String ID: 3131106179-0
• Opcode ID: cb11516f146b22ee6960834039d1193bdab3521c45105b0f8448084b65f7689e
• Instruction ID: 2689abbc62e6977fcd6d43806ff9ce49b6aadac5f4bb28d07c942c5068af0f3e
• Opcode Fuzzy Hash: cb11516f146b22ee6960834039d1193bdab3521c45105b0f8448084b65f7689e
• Instruction Fuzzy Hash: B4A149F1238405EEE7289E3D9C98EBB265DDB43390F10831AF502C6695CAF59DB1C671
APIs
  • Part of subcall function 002A304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 002A307A
  • Part of subcall function 002A304E: _wcslen.LIBCMT ref: 002A309B
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 002A185D
• WSAGetLastError.WSOCK32 ref: 002A1884
• bind.WSOCK32(00000000,?,00000010), ref: 002A18DB
• WSAGetLastError.WSOCK32 ref: 002A18E6
• closesocket.WSOCK32(00000000), ref: 002A1915
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
• String ID:
• API String ID: 1601658205-0
• Opcode ID: 7528fb4b3a567679816296b16fb977b585856273267df1ed37ed9846944cbf0c
• Instruction ID: b62058b0fcbb9b75dd1ea8ac7acab51c1c94027ee3a93b512926269acd6b705e
• Opcode Fuzzy Hash: 7528fb4b3a567679816296b16fb977b585856273267df1ed37ed9846944cbf0c
• Instruction Fuzzy Hash: 1C51D471A10210AFE710AF64D886F2A77E5AF45718F148058F9055F3D3CB75AD61CBA1
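The API list above is what backs the "open a port and listen" signature in the overview: socket(2, 2, 0x11) is AF_INET / SOCK_DGRAM / IPPROTO_UDP, and it is followed by bind with a 16-byte sockaddr_in and no connect, i.e. a UDP socket bound to a local port. The following added example (not Joe Sandbox code and not part of the report) parses API lines in exactly the format the report prints, decodes the socket() arguments with the standard Winsock constant values, and flags the chain as a bound listener. The two sample inputs are copied from the report entries above; the label strings and function names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One line of a Joe Sandbox "APIs" list, e.g.
#   • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 002A185D
#   • WSAGetLastError.WSOCK32 ref: 002A1884
#   • Part of subcall function 002A304E: _wcslen.LIBCMT ref: 002A309B
API_LINE = re.compile(
    r"^\s*•\s*(?P<sub>Part of subcall function [0-9A-F]+:\s*)?"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r"(?:,?\s*ref:\s*(?P<ref>[0-9A-F]+))?\s*$"
)

# Winsock constants (values from winsock2.h).
AF = {2: "AF_INET", 23: "AF_INET6"}
SOCK_TYPE = {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW"}
PROTO = {0: "default", 6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[Optional[int]]   # None where the report prints '?' (unresolved)
    ref: Optional[str]          # call-site address as printed
    subcall: bool               # True for "Part of subcall function" lines


def parse_api_lines(text: str) -> List[ApiCall]:
    """Parse every recognisable API line in a report entry; skip the rest."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        args: List[Optional[int]] = []
        if m.group("args"):
            for a in m.group("args").split(","):
                a = a.strip()
                args.append(None if a == "?" else int(a, 16))
        calls.append(ApiCall(m.group("name"), m.group("module"), args,
                             m.group("ref"), bool(m.group("sub"))))
    return calls


def describe_socket(call: ApiCall) -> Optional[str]:
    """Decode socket(af, type, protocol) into symbolic names."""
    if call.name != "socket" or len(call.args) < 3:
        return None
    af, typ, proto = call.args[:3]
    return "/".join([AF.get(af, f"af={af}"),
                     SOCK_TYPE.get(typ, f"type={typ}"),
                     PROTO.get(proto, f"proto={proto}")])


def classify_listener(calls: List[ApiCall]) -> Optional[str]:
    """Label a chain that creates and binds a socket in the function itself.

    A bind without connect means the process is attaching to a local port;
    a bind followed by connect is just a client pinning its source port.
    """
    own = [c for c in calls if not c.subcall]
    names = {c.name for c in own}
    if "socket" not in names or "bind" not in names or "connect" in names:
        return None
    sock = next(c for c in own if c.name == "socket")
    typ = SOCK_TYPE.get(sock.args[1]) if len(sock.args) > 1 else None
    if typ == "SOCK_DGRAM":
        return "udp-bind"           # datagram socket: bound socket receives directly
    if typ == "SOCK_STREAM":
        return "tcp-bind"           # would also need listen/accept to serve
    return "bind-unknown-type"


# Constructed samples: the API lines copied verbatim from two report entries above.
SAMPLE_UDP_BIND = """
  • Part of subcall function 002A304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 002A307A
  • Part of subcall function 002A304E: _wcslen.LIBCMT ref: 002A309B
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 002A185D
• WSAGetLastError.WSOCK32 ref: 002A1884
• bind.WSOCK32(00000000,?,00000010), ref: 002A18DB
• WSAGetLastError.WSOCK32 ref: 002A18E6
• closesocket.WSOCK32(00000000), ref: 002A1915
"""

SAMPLE_DIALOG = """
  • Part of subcall function 00239BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00239BB2
• DefDlgProcW.USER32(?,?,?,?,?), ref: 00239A4E
• GetSysColor.USER32(0000000F), ref: 00239B23
• SetBkColor.GDI32(?,00000000), ref: 00239B36
"""

if __name__ == "__main__":
    for label, sample in (("udp", SAMPLE_UDP_BIND), ("dialog", SAMPLE_DIALOG)):
        calls = parse_api_lines(sample)
        for c in calls:
            if c.name == "socket":
                print(label, "socket @", c.ref, "->", describe_socket(c))
        print(label, "classification:", classify_listener(calls))
```

The classifier deliberately ignores the subcall lines: inet_addr in the helper at 002A304E only tells you the address string is parsed there, not that the socket is bound in that helper, and a bind-without-connect verdict should rest on the calls the function makes itself.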
APIs
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
• Opcode ID: 5c3300d8896b58b5edce31f45bdae65d2503a0741112ea106f18b8688a01bfc5
• Instruction ID: 699e944ddf41a6d61347d010e0d3bd1acc2015bd32215b2ebe5f2b269f87ff8d
• Opcode Fuzzy Hash: 5c3300d8896b58b5edce31f45bdae65d2503a0741112ea106f18b8688a01bfc5
• Instruction Fuzzy Hash: 4E21F9317502129FD7208F1AD864FAA7FE5EF85394F688059E845CB351CB71EC62CB91
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID:
• String ID: ERCP$VUUU$VUUU$VUUU$VUUU
• API String ID: 0-1546025612
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4f7c24e2d861abfadc6f6e9e15321725cd12772a0a1099eac0c3b950634750d1
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: cae81357299455797165ac4f9c4c415f3691044abe237e5d34aebb1fde548d48
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f7c24e2d861abfadc6f6e9e15321725cd12772a0a1099eac0c3b950634750d1
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 27A28E70E2162ADBDF24CF98D8447ADB7B1BF54310F2481AAE815A7284DB74DDE1CB90
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0028D608
                                                                                                                                                                                                                                                                                                                                                              • DeviceIoControl.KERNEL32(00000000,t*.,?,0000000C,?,00000028,?,00000000), ref: 0028D645
                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0028D650
                                                                                                                                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: CloseControlCreateDeviceFileHandle
• String ID: t*.
• API String ID: 33631002-520411257
• Opcode ID: 5f45b53a649f45b95983d648ff9821854ffd7d7d42bb403b997eada62c685fbf
• Instruction ID: 49d085626c61b59a0cd88a093bdea02ce6b8def213a24f6c951fdeba19410e52
• Opcode Fuzzy Hash: 5f45b53a649f45b95983d648ff9821854ffd7d7d42bb403b997eada62c685fbf
• Instruction Fuzzy Hash: F4115E75E05228BFDB109F99EC49FAFBBBCEB45B50F108165F904E7290D6704A058BA1
APIs
• lstrlenW.KERNEL32(?,?,?,00000000), ref: 002882AA
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: lstrlen
• String ID: ($tb.$|
• API String ID: 1659193697-4210434425
• Opcode ID: 8b52b745fb313ecfb9b9253a42b54bd47137b103bd4ee525421282a333ceb1ca
• Instruction ID: f6676ddc1b867a0bff4a12f650dd7aa40ea5b01a0a4dbe37bcb76f25cd1eacae
• Opcode Fuzzy Hash: 8b52b745fb313ecfb9b9253a42b54bd47137b103bd4ee525421282a333ceb1ca
• Instruction Fuzzy Hash: 1E324778A11606DFCB28DF19C08096AB7F0FF48710B55C46EE89ADB7A1EB70E951CB40
APIs
• GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0028AAAC
• SetKeyboardState.USER32(00000080), ref: 0028AAC8
• PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0028AB36
• SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0028AB88
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
• Opcode ID: 824bb6e35d22cf7cd0017bf5d61c95503939331fe68d6b739769c533cb8edadd
• Instruction ID: e0a7246ac7153df10de36410400f577c6e37a24a4da1833523a30f09a0d30bdc
• Opcode Fuzzy Hash: 824bb6e35d22cf7cd0017bf5d61c95503939331fe68d6b739769c533cb8edadd
• Instruction Fuzzy Hash: 59315D34A62209AEFF35EF64CC05BFA7BA6AB54314F18421BF081521D1DB7489A1C762
APIs
• InternetReadFile.WININET(?,?,00000400,?), ref: 0029CE89
• GetLastError.KERNEL32(?,00000000), ref: 0029CEEA
• SetEvent.KERNEL32(?,?,00000000), ref: 0029CEFE
Similarity
• API ID: ErrorEventFileInternetLastRead
• String ID:
• API String ID: 234945975-0
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00295CC1
• FindNextFileW.KERNEL32(00000000,?), ref: 00295D17
• FindClose.KERNEL32(?), ref: 00295D5F
Similarity
• API ID: Find$File$CloseFirstNext
• String ID:
• API String ID: 3541575487-0
APIs
• IsDebuggerPresent.KERNEL32 ref: 0025271A
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00252724
• UnhandledExceptionFilter.KERNEL32(?), ref: 00252731
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 002951DA
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00295238
• SetErrorMode.KERNEL32(00000000), ref: 002952A1
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID:
• API String ID: 1682464887-0
APIs
  • Part of subcall function 0023FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00240668
  • Part of subcall function 0023FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00240685
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0028170D
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0028173A
• GetLastError.KERNEL32 ref: 0028174A
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
• String ID:
• API String ID: 577356006-0
APIs
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0028168C
• CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 002816A1
• FreeSid.ADVAPI32(?), ref: 002816B1
Similarity
• API ID: AllocateCheckFreeInitializeMembershipToken
• String ID:
• API String ID: 3429775523-0
Strings
Similarity
• API ID:
• String ID: /
• API String ID: 0-2043925204
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 0027D28C
Strings
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: NameUser
                                                                                                                                                                                                                                                                                                                                                              • String ID: X64
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2645101109-893830106
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: fa94653f5019b3920ae4931f7e2147d334ed3ea9ce3cb41db838af6dfb8ea7d4
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0f0850b5fad751f395da215349050a8ca14ee3138403d334bbac0b893186a12e
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fa94653f5019b3920ae4931f7e2147d334ed3ea9ce3cb41db838af6dfb8ea7d4
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 36D0C9B482511DEBCB94DB90EC88DDDB37CBB04305F104652F506A2000DB7095498F10
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d7dff5f54a4755fc46ef14e45341d2ef65c85257722b82c1626db9c7154b4561
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 61023D71E112199FDF58CFADC8806ADFBF1EF48324F25816AD919E7380D731AA518B84
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                              • String ID: Variable is not of type 'Object'.$p#/
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 0-4194470516
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5b440a269374af8c6626158186ba56785da3036815a2f7c186e41b86d8f60e07
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a0623d7bd9c56966fc5377170c1f32b628f263948e0d123a395236edd9790abf
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5b440a269374af8c6626158186ba56785da3036815a2f7c186e41b86d8f60e07
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A328070930229EBCF14DFD0E985AEDB7B5FF05304F24805AE80AAB291D775AD69CB50
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 00296918
                                                                                                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00296961
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 168ffd9b3622b2b98bab43c68de48ca5dd32b18c217ab0eca8b9d4d7eab8762e
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: f8e648c25e93784c35f54e5597655f1f7b3f24262bd2b4a810925aa4e6e127ce
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 168ffd9b3622b2b98bab43c68de48ca5dd32b18c217ab0eca8b9d4d7eab8762e
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A611D0316142119FDB10CF69D488A1ABBE0FF88328F14C699E8698F6A2C730EC15CB90
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,002A4891,?,?,00000035,?), ref: 002937E4
                                                                                                                                                                                                                                                                                                                                                              • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,002A4891,?,?,00000035,?), ref: 002937F4
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
• Opcode ID: 670fe7f9979679eff2d769844e62f7dd066106474f0c0116373a1825b7ce0f7c
• Instruction ID: 312de1d8281223c748fef1674d63204f7a9ffb0778f78f0d57ccf1fa03c80dc2
• Opcode Fuzzy Hash: 670fe7f9979679eff2d769844e62f7dd066106474f0c0116373a1825b7ce0f7c
• Instruction Fuzzy Hash: 99F0E5B06143292AEB2057A69C4DFEB7AAEEFC4761F000265F509D2291D9A09944CAB0
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0028B25D
• keybd_event.USER32(?,7694C0D0,?,00000000), ref: 0028B270
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: InputSendkeybd_event
• String ID:
• API String ID: 3536248340-0
• Opcode ID: 88fd1c548dbf62d84758df245cfc870e738a21045ddc7baa563cc1992a907145
• Instruction ID: 00dec619f7c6dbd69213790a27d8ad2c8c4ea109d637ebb3caa1d50674a14671
• Opcode Fuzzy Hash: 88fd1c548dbf62d84758df245cfc870e738a21045ddc7baa563cc1992a907145
• Instruction Fuzzy Hash: 68F06D7481424EABDB059FA0C805BEE7BB4FF04305F108009F951A5192C3798611DF94
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,002811FC), ref: 002810D4
• CloseHandle.KERNEL32(?,?,002811FC), ref: 002810E9
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
• String ID:
• API String ID: 81990902-0
• Opcode ID: bda1215a0a5fc7ac26ebe67325dfa6524cb41bff2db12228159dfb2a01a22a44
• Instruction ID: d5844190da23a83be72dc6f3f70b727cc4eb3b949dd03ca1c8f573e67154db33
• Opcode Fuzzy Hash: bda1215a0a5fc7ac26ebe67325dfa6524cb41bff2db12228159dfb2a01a22a44
• Instruction Fuzzy Hash: 3BE04F72428600AFE7652B11FC09E7377E9EB04310F20892DF4A5804B1DB626CA0DB10
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00256766,?,?,00000008,?,?,0025FEFE,00000000), ref: 00256998
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
• Opcode ID: 91c3ac97ff7e80130d83dbafd7c45c78c1d7ca52ba8357c26a478f5385b259af
• Instruction ID: c0385c5b941978171eada72e23b2c248f415ae840b5c3c5b7c0cf52588c4314b
• Opcode Fuzzy Hash: 91c3ac97ff7e80130d83dbafd7c45c78c1d7ca52ba8357c26a478f5385b259af
• Instruction Fuzzy Hash: 84B17D31620609CFD714CF28C48AB647BE0FF05366F658658EC99CF2A2C335D9A9CB44
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
• Opcode ID: b1e1cd78d7c29c1e474e7f79c7796a9f71a8e5c22b0b7da790bc41e0d64411c2
• Instruction ID: 857496ec90d1eed1c9d87a099f05b48692bb7d71cb583f2bca3a1e090e03ea1b
• Opcode Fuzzy Hash: b1e1cd78d7c29c1e474e7f79c7796a9f71a8e5c22b0b7da790bc41e0d64411c2
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D2127FB1D202299BCB15CF58C8906EEB7F5FF48310F14819AE949EB251EB709E91CF90
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • BlockInput.USER32(00000001), ref: 0029EABD
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: BlockInput
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3456056419-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 6e2fa86310e62fb602581205b134548d0bf9e7b434c90426ecbf28ee4097872e
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 8558280519f967b139fedb36c9d05f3bc1ca425cbedda99c8cca92cc2f8163c2
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6e2fa86310e62fb602581205b134548d0bf9e7b434c90426ecbf28ee4097872e
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 28E04831220215AFDB10DF59E404E5AF7DDAF98760F15841AFC45C7361D770E8518B90
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,002403EE), ref: 002409DA
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ca2c46020b02a6e3ceab75166eaa4151da51917edca5d9f63237b662bac031ff
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 78c4a14d19aac0623e80df140730586c1e8eb31e72584e3a853b1fe29cc1c3f1
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ca2c46020b02a6e3ceab75166eaa4151da51917edca5d9f63237b662bac031ff
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 748cb2d59fbb92b704feb5c44b7362d1935104f498f25bda2e142006b092c10f
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D651897163CB4B5BDB3C8D78885E7BE23899B12300F180919D8B2D7282C765DE35E752
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID:
• String ID: 0&/
• API String ID: 0-3005580031
• Opcode ID: c7902d06244645459773e24d7e85d390eab8286a99f9513e60cd1e1c02fa7c4c
• Instruction ID: 7bce126d4eb5a0425bc2f38175acbf9205c884f5a45c054d1e3b7f8ff57f41bc
• Opcode Fuzzy Hash: c7902d06244645459773e24d7e85d390eab8286a99f9513e60cd1e1c02fa7c4c
• Instruction Fuzzy Hash: 102196326205158BDB28CE79D81267A73E9A764320F15862EE4A7C37D1DE35A908CB80
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7c24327b615b933deefa0dbc69c4fb7a824eb3380075ded0d2ac73372b311817
• Instruction ID: b9f76d4493c68b8cfb7ef6981efc49f7a5e0a26b4754a8e6124545a157420bad
• Opcode Fuzzy Hash: 7c24327b615b933deefa0dbc69c4fb7a824eb3380075ded0d2ac73372b311817
• Instruction Fuzzy Hash: 2832FF22D79F014DD7239A34E826326A249AFB73C6F15D737EC1AB59A6EF39C4874100
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4e1474095af5bd68df61af12a5ed2db996b61dafb21cc2259f95f97e9bbcd84d
• Instruction ID: 7a351b5076a2b2e4c6a4a74848a7b8a8c284a583d6778d638725e4dc0ade58e1
• Opcode Fuzzy Hash: 4e1474095af5bd68df61af12a5ed2db996b61dafb21cc2259f95f97e9bbcd84d
• Instruction Fuzzy Hash: 34320271A341568BCF28CE39C49467DB7A1EB45304F38C96FD84EAB2A1D630DDA2DB41
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fc11d2e2c1862ab1395710ec58d90d3040a58bea50fb02259e59ee521aec6141
• Instruction ID: 89e9efc254d0cf18b57e4d78ff9db279b775277d2f253f8d9a7f9299d476f4ee
• Opcode Fuzzy Hash: fc11d2e2c1862ab1395710ec58d90d3040a58bea50fb02259e59ee521aec6141
• Instruction Fuzzy Hash: 8022D4B0A2461AEFDF14CFA4D981AAEB3F5FF44304F104569E816AB291EB359D60CF50
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 245d566c8f46aa549689e9d378b046c56c5363b870516c408dc3aad4158b4764
• Instruction ID: 59a611b95518aebafee3a04372eb3e9ef2c4bc9294f1b27794df1060200c72b1
• Opcode Fuzzy Hash: 245d566c8f46aa549689e9d378b046c56c5363b870516c408dc3aad4158b4764
• Instruction Fuzzy Hash: EE02D7B1E2021AEBDF04DF54E981AADB7B5FF44304F118169E8069B290EB719E70CF91
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
APIs
• DeleteObject.GDI32(00000000), ref: 002A2B30
• DeleteObject.GDI32(00000000), ref: 002A2B43
• DestroyWindow.USER32 ref: 002A2B52
• GetDesktopWindow.USER32 ref: 002A2B6D
• GetWindowRect.USER32(00000000), ref: 002A2B74
• SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 002A2CA3
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 002A2CB1
• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002A2CF8
• GetClientRect.USER32(00000000,?), ref: 002A2D04
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 002A2D40
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002A2D62
• GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002A2D75
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002A2D80
• GlobalLock.KERNEL32(00000000), ref: 002A2D89
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002A2D98
• GlobalUnlock.KERNEL32(00000000), ref: 002A2DA1
• CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002A2DA8
• GlobalFree.KERNEL32(00000000), ref: 002A2DB3
                                                                                                                                                                                                                                                                                                                                                              • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002A2DC5
                                                                                                                                                                                                                                                                                                                                                              • OleLoadPicture.OLEAUT32(?,00000000,00000000,002BFC38,00000000), ref: 002A2DDB
                                                                                                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 002A2DEB
                                                                                                                                                                                                                                                                                                                                                              • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 002A2E11
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 002A2E30
                                                                                                                                                                                                                                                                                                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002A2E52
                                                                                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002A303F
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                              • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: d3329a1cf6e93d24e1cbf33f4faafe75291b06a35aac2a1666c3b66d9230524a
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: fa9843cba994391e7a860a7be010097fda93c287f5be3713e7521c3060a7541e
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d3329a1cf6e93d24e1cbf33f4faafe75291b06a35aac2a1666c3b66d9230524a
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EF026C71510215EFDB14DFA8DC89EAE7BB9EF49320F108658F915AB2A1CB70AD11CF60
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • SetTextColor.GDI32(?,00000000), ref: 002B712F
                                                                                                                                                                                                                                                                                                                                                              • GetSysColorBrush.USER32(0000000F), ref: 002B7160
                                                                                                                                                                                                                                                                                                                                                              • GetSysColor.USER32(0000000F), ref: 002B716C
                                                                                                                                                                                                                                                                                                                                                              • SetBkColor.GDI32(?,000000FF), ref: 002B7186
                                                                                                                                                                                                                                                                                                                                                              • SelectObject.GDI32(?,?), ref: 002B7195
                                                                                                                                                                                                                                                                                                                                                              • InflateRect.USER32(?,000000FF,000000FF), ref: 002B71C0
                                                                                                                                                                                                                                                                                                                                                              • GetSysColor.USER32(00000010), ref: 002B71C8
                                                                                                                                                                                                                                                                                                                                                              • CreateSolidBrush.GDI32(00000000), ref: 002B71CF
                                                                                                                                                                                                                                                                                                                                                              • FrameRect.USER32(?,?,00000000), ref: 002B71DE
                                                                                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 002B71E5
                                                                                                                                                                                                                                                                                                                                                              • InflateRect.USER32(?,000000FE,000000FE), ref: 002B7230
                                                                                                                                                                                                                                                                                                                                                              • FillRect.USER32(?,?,?), ref: 002B7262
                                                                                                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 002B7284
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 002B73E8: GetSysColor.USER32(00000012), ref: 002B7421
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 002B73E8: SetTextColor.GDI32(?,?), ref: 002B7425
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 002B73E8: GetSysColorBrush.USER32(0000000F), ref: 002B743B
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 002B73E8: GetSysColor.USER32(0000000F), ref: 002B7446
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 002B73E8: GetSysColor.USER32(00000011), ref: 002B7463
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 002B73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 002B7471
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 002B73E8: SelectObject.GDI32(?,00000000), ref: 002B7482
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 002B73E8: SetBkColor.GDI32(?,00000000), ref: 002B748B
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 002B73E8: SelectObject.GDI32(?,?), ref: 002B7498
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 002B73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 002B74B7
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 002B73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 002B74CE
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 002B73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 002B74DB
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 38673151ad2a73e5faeec7f14e38713424fad1ec619a0e7a5a813592cc29d451
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c00ca46692c42a8554d8687c5dceb887e0a7fa8ac048fb57a27776268717be81
• Opcode Fuzzy Hash: 38673151ad2a73e5faeec7f14e38713424fad1ec619a0e7a5a813592cc29d451
• Instruction Fuzzy Hash: 76A19272018301AFD7109F64EC4CE9B7BA9FB89360F200B19F9A6A61E1D771E954CF61
APIs
• DestroyWindow.USER32(00000000), ref: 002A273E
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 002A286A
• SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 002A28A9
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 002A28B9
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 002A2900
• GetClientRect.USER32(00000000,?), ref: 002A290C
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 002A2955
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 002A2964
• GetStockObject.GDI32(00000011), ref: 002A2974
• SelectObject.GDI32(00000000,00000000), ref: 002A2978
• GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 002A2988
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 002A2991
• DeleteDC.GDI32(00000000), ref: 002A299A
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 002A29C6
• SendMessageW.USER32(00000030,00000000,00000001), ref: 002A29DD
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 002A2A1D
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 002A2A31
• SendMessageW.USER32(00000404,00000001,00000000), ref: 002A2A42
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 002A2A77
• GetStockObject.GDI32(00000011), ref: 002A2A82
• SendMessageW.USER32(00000030,00000000,?,50000000), ref: 002A2A8D
• ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 002A2A97
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
• String ID: AutoIt v3$DISPLAY$msctls_progress32$static
• API String ID: 2910397461-517079104
• Opcode ID: b199efaced39516d98d7cf1de51b3f780dd238aecbebf6865d0697f5b499ab20
• Instruction ID: 36cdb50309bd5120d108de4c8a0b1e46d32062e92717c1bfbd00fd0abbaa7ef3
• Opcode Fuzzy Hash: b199efaced39516d98d7cf1de51b3f780dd238aecbebf6865d0697f5b499ab20
• Instruction Fuzzy Hash: 2AB15C71A10219BFEB14DFA8DC49FAEBBA9EF49710F104254F914EB290DB74AD50CB60
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00294AED
• GetDriveTypeW.KERNEL32(?,002BCB68,?,\\.\,002BCC08), ref: 00294BCA
• SetErrorMode.KERNEL32(00000000,002BCB68,?,\\.\,002BCC08), ref: 00294D36
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ErrorMode$DriveType
• String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
• API String ID: 2907320926-4222207086
• Opcode ID: 2461fd85950e67382010460f843a5e9bc335298c2d28d8e15d0616897a0d1893
• Instruction ID: e34b2488001752770669fe1466a4b295ccdc73ac4ab277b05ad8c8c9cd71aa1a
• Opcode Fuzzy Hash: 2461fd85950e67382010460f843a5e9bc335298c2d28d8e15d0616897a0d1893
• Instruction Fuzzy Hash: 16612330675106EFCF04FF24CA89D6CB7A0AB19384BA04167F806AB291CB71ED72DB51
APIs
• GetSysColor.USER32(00000012), ref: 002B7421
• SetTextColor.GDI32(?,?), ref: 002B7425
• GetSysColorBrush.USER32(0000000F), ref: 002B743B
• GetSysColor.USER32(0000000F), ref: 002B7446
• CreateSolidBrush.GDI32(?), ref: 002B744B
• GetSysColor.USER32(00000011), ref: 002B7463
• CreatePen.GDI32(00000000,00000001,00743C00), ref: 002B7471
• SelectObject.GDI32(?,00000000), ref: 002B7482
• SetBkColor.GDI32(?,00000000), ref: 002B748B
• SelectObject.GDI32(?,?), ref: 002B7498
• InflateRect.USER32(?,000000FF,000000FF), ref: 002B74B7
• RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 002B74CE
• GetWindowLongW.USER32(00000000,000000F0), ref: 002B74DB
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 002B752A
• GetWindowTextW.USER32(00000000,00000000,00000001), ref: 002B7554
• InflateRect.USER32(?,000000FD,000000FD), ref: 002B7572
• DrawFocusRect.USER32(?,?), ref: 002B757D
• GetSysColor.USER32(00000011), ref: 002B758E
• SetTextColor.GDI32(?,00000000), ref: 002B7596
• DrawTextW.USER32(?,002B70F5,000000FF,?,00000000), ref: 002B75A8
                                                                                                                                                                                                                                                                                                                                                              • SelectObject.GDI32(?,?), ref: 002B75BF
                                                                                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 002B75CA
                                                                                                                                                                                                                                                                                                                                                              • SelectObject.GDI32(?,?), ref: 002B75D0
                                                                                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 002B75D5
                                                                                                                                                                                                                                                                                                                                                              • SetTextColor.GDI32(?,?), ref: 002B75DB
                                                                                                                                                                                                                                                                                                                                                              • SetBkColor.GDI32(?,?), ref: 002B75E5
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
• String ID:
• API String ID: 1996641542-0
• Opcode ID: fb39c61efeb416d540dd910b39b023785b829ee64891d39c04c3de5c159aaa4b
• Instruction ID: a7eee78ec2490d5858a76aab51b06860aa52119015fa0652a36a99de50cc711c
• Opcode Fuzzy Hash: fb39c61efeb416d540dd910b39b023785b829ee64891d39c04c3de5c159aaa4b
• Instruction Fuzzy Hash: 34618172910219AFDF119FA8EC48EEE7F79EB48360F204211F915BB2A1D7709950CFA0
APIs
• GetCursorPos.USER32(?), ref: 002B1128
• GetDesktopWindow.USER32 ref: 002B113D
• GetWindowRect.USER32(00000000), ref: 002B1144
• GetWindowLongW.USER32(?,000000F0), ref: 002B1199
• DestroyWindow.USER32(?), ref: 002B11B9
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 002B11ED
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 002B120B
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 002B121D
• SendMessageW.USER32(00000000,00000421,?,?), ref: 002B1232
• SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 002B1245
• IsWindowVisible.USER32(00000000), ref: 002B12A1
• SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 002B12BC
• SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 002B12D0
• GetWindowRect.USER32(00000000,?), ref: 002B12E8
• MonitorFromPoint.USER32(?,?,00000002), ref: 002B130E
• GetMonitorInfoW.USER32(00000000,?), ref: 002B1328
• CopyRect.USER32(?,?), ref: 002B133F
• SendMessageW.USER32(00000000,00000412,00000000), ref: 002B13AA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
• String ID: ($0$tooltips_class32
• API String ID: 698492251-4156429822
• Opcode ID: c8e53bf95d87e34d1ffa92a596ef01809dc94bd56b23d63acb6220f83a04dc23
• Instruction ID: cff45635e4f5b576c5ae2c55023df10e9170211364e5d22c6c38a5c828828593
• Opcode Fuzzy Hash: c8e53bf95d87e34d1ffa92a596ef01809dc94bd56b23d63acb6220f83a04dc23
• Instruction Fuzzy Hash: 35B1BE71618351AFD700DF64D898BAABBE4FF84340F40891CF9999B2A1D770E864CF91
APIs
• CharUpperBuffW.USER32(?,?), ref: 002B02E5
• _wcslen.LIBCMT ref: 002B031F
• _wcslen.LIBCMT ref: 002B0389
• _wcslen.LIBCMT ref: 002B03F1
• _wcslen.LIBCMT ref: 002B0475
• SendMessageW.USER32(?,00001032,00000000,00000000), ref: 002B04C5
• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 002B0504
  • Part of subcall function 0023F9F2: _wcslen.LIBCMT ref: 0023F9FD
  • Part of subcall function 0028223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00282258
  • Part of subcall function 0028223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0028228A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                              • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1103490817-719923060
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 9ff395166df49ce39a61029e9f83968eee942870947dc46e8cf2de7b0d5c859b
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2d6e96a500303c90b5c9249de4d2d5044368f3fba1853f55b6d23a5c517e737d
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9ff395166df49ce39a61029e9f83968eee942870947dc46e8cf2de7b0d5c859b
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D0E10F312383019FC725DF24D58096BB3E6BF88394F604A6DF8969B2A1DB30ED65CB41
APIs
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00238968
• GetSystemMetrics.USER32(00000007), ref: 00238970
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0023899B
• GetSystemMetrics.USER32(00000008), ref: 002389A3
• GetSystemMetrics.USER32(00000004), ref: 002389C8
• SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 002389E5
• AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 002389F5
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00238A28
• SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00238A3C
• GetClientRect.USER32(00000000,000000FF), ref: 00238A5A
• GetStockObject.GDI32(00000011), ref: 00238A76
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00238A81
  • Part of subcall function 0023912D: GetCursorPos.USER32(?), ref: 00239141
  • Part of subcall function 0023912D: ScreenToClient.USER32(00000000,?), ref: 0023915E
  • Part of subcall function 0023912D: GetAsyncKeyState.USER32(00000001), ref: 00239183
  • Part of subcall function 0023912D: GetAsyncKeyState.USER32(00000002), ref: 0023919D
• SetTimer.USER32(00000000,00000000,00000028,002390FC), ref: 00238AA8
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
• String ID: AutoIt v3 GUI
• API String ID: 1458621304-248962490
• Opcode ID: f51838271771712caa42db2b407da59fc6d1aae9c1dfa94ef598dd372feb4505
• Instruction ID: 8ceec2af105d71ca101230c899c7e0402b3ed84e496b1fde3d64d3d537924ea3
• Opcode Fuzzy Hash: f51838271771712caa42db2b407da59fc6d1aae9c1dfa94ef598dd372feb4505
• Instruction Fuzzy Hash: 0FB18D71A1020ADFDB14DFA8DD49BAE7BB5FB48354F104229FA15AB290DB70E860CF51
APIs
  • Part of subcall function 002810F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00281114
  • Part of subcall function 002810F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00280B9B,?,?,?), ref: 00281120
  • Part of subcall function 002810F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00280B9B,?,?,?), ref: 0028112F
  • Part of subcall function 002810F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00280B9B,?,?,?), ref: 00281136
  • Part of subcall function 002810F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0028114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00280DF5
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00280E29
• GetLengthSid.ADVAPI32(?), ref: 00280E40
• GetAce.ADVAPI32(?,00000000,?), ref: 00280E7A
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00280E96
• GetLengthSid.ADVAPI32(?), ref: 00280EAD
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00280EB5
• HeapAlloc.KERNEL32(00000000), ref: 00280EBC
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00280EDD
• CopySid.ADVAPI32(00000000), ref: 00280EE4
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00280F13
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00280F35
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00280F47
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00280F6E
• HeapFree.KERNEL32(00000000), ref: 00280F75
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00280F7E
• HeapFree.KERNEL32(00000000), ref: 00280F85
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00280F8E
• HeapFree.KERNEL32(00000000), ref: 00280F95
• GetProcessHeap.KERNEL32(00000000,?), ref: 00280FA1
• HeapFree.KERNEL32(00000000), ref: 00280FA8
  • Part of subcall function 00281193: GetProcessHeap.KERNEL32(00000008,00280BB1,?,00000000,?,00280BB1,?), ref: 002811A1
  • Part of subcall function 00281193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00280BB1,?), ref: 002811A8
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00281193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00280BB1,?), ref: 002811B7
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 002AC4BD
• RegCreateKeyExW.ADVAPI32(?,?,00000000,002BCC08,00000000,?,00000000,?,?), ref: 002AC544
• RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 002AC5A4
• _wcslen.LIBCMT ref: 002AC5F4
• _wcslen.LIBCMT ref: 002AC66F
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 002AC6B2
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 002AC7C1
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 002AC84D
• RegCloseKey.ADVAPI32(?), ref: 002AC881
• RegCloseKey.ADVAPI32(00000000), ref: 002AC88E
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 002AC960
Strings
Similarity
• API ID: Value$Close$_wcslen$ConnectCreateRegistry
• String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
• API String ID: 9721498-966354055
APIs
• CharUpperBuffW.USER32(?,?), ref: 002B09C6
• _wcslen.LIBCMT ref: 002B0A01
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 002B0A54
• _wcslen.LIBCMT ref: 002B0A8A
• _wcslen.LIBCMT ref: 002B0B06
• _wcslen.LIBCMT ref: 002B0B81
  • Part of subcall function 0023F9F2: _wcslen.LIBCMT ref: 0023F9FD
  • Part of subcall function 00282BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00282BFA
Strings
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 1103490817-4258414348
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                              • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e92196373b3b1fff090daac75d70f4df7aa04c2ff647d6ceeeffb53de24a73d3
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0308359c5edd2f6637bca453fa45ada7dd316be95afbb3ee27d7f838c26584c2
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e92196373b3b1fff090daac75d70f4df7aa04c2ff647d6ceeeffb53de24a73d3
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 93711433A3016B8BCB20DE7CDD516BA3391AB62764F310525F8569B285EE31CDB5C7A0
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 002B835A
                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 002B836E
                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 002B8391
                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 002B83B4
                                                                                                                                                                                                                                                                                                                                                              • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 002B83F2
                                                                                                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,002B5BF2), ref: 002B844E
                                                                                                                                                                                                                                                                                                                                                              • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 002B8487
                                                                                                                                                                                                                                                                                                                                                              • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 002B84CA
                                                                                                                                                                                                                                                                                                                                                              • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 002B8501
                                                                                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 002B850D
                                                                                                                                                                                                                                                                                                                                                              • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 002B851D
                                                                                                                                                                                                                                                                                                                                                              • DestroyIcon.USER32(?,?,?,?,?,002B5BF2), ref: 002B852C
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 002B8549
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 002B8555
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                                                                                                              • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 54b33446b62662564def0b5c342eb2409ec3ad0d983ef2662abd02a0a1bf4cc8
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: cb9deb97ded6913efc351ce8d5696a7160a4668d1e6cfc5e19723eaa349b995d
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 54b33446b62662564def0b5c342eb2409ec3ad0d983ef2662abd02a0a1bf4cc8
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B361E171520216BAEB24DF64DC85BFE77ACBF04B50F604609F819E61D1DF74A9A0CBA0
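The per-function "APIs" listings above are the part of this report an analyst actually triages, and they are easier to reason about once parsed into records. The following Python is an added example, not part of the Joe Sandbox report or of the sample; the sample lines are constructed by copying the icon-loading function's entries in the format the report prints them (a `?` argument means the value could not be recovered statically). It parses `Api.MODULE(args), ref: ADDR` lines, decodes the `LoadLibraryExW` dwFlags value `00000032` against the documented winbase.h constants, and applies one practical check: whether any `LoadLibraryExW` call in the function could run the loaded module's `DllMain`, or only maps it as a data/resource file (as the icon loader here does).

```python
"""Parse Joe Sandbox per-function 'APIs' listings into structured records (added example)."""
import re
from collections import Counter

# Constructed sample: lines copied in the format Joe Sandbox prints them.
SAMPLE_LINES = """\
• _wcslen.LIBCMT ref: 002B835A
• LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 002B83F2
• LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,002B5BF2), ref: 002B844E
• FreeLibrary.KERNEL32(?), ref: 002B850D
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 002B851D
• DestroyIcon.USER32(?,?,?,?,?,002B5BF2), ref: 002B852C
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 002B8549
"""

# One report line: optional bullet, Api.MODULE, optional "(arg,arg,...)", then "ref: HEXADDR".
LINE_RE = re.compile(
    r"^\s*(?:•\s*)?(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# LoadLibraryExW dwFlags bits as defined in winbase.h (documented Windows constants).
LOAD_LIBRARY_FLAGS = {
    0x00000001: "DONT_RESOLVE_DLL_REFERENCES",
    0x00000002: "LOAD_LIBRARY_AS_DATAFILE",
    0x00000008: "LOAD_WITH_ALTERED_SEARCH_PATH",
    0x00000010: "LOAD_IGNORE_CODE_AUTHZ_LEVEL",
    0x00000020: "LOAD_LIBRARY_AS_IMAGE_RESOURCE",
    0x00000040: "LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE",
    0x00000100: "LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR",
    0x00000200: "LOAD_LIBRARY_SEARCH_APPLICATION_DIR",
    0x00000400: "LOAD_LIBRARY_SEARCH_USER_DIRS",
    0x00000800: "LOAD_LIBRARY_SEARCH_SYSTEM32",
    0x00001000: "LOAD_LIBRARY_SEARCH_DEFAULT_DIRS",
}
# Any of these flags maps the file without running its entry point.
NO_EXEC_FLAGS = 0x00000002 | 0x00000020 | 0x00000040


def parse_api_lines(text):
    """Return a list of {api, module, args, ref}; args is None when the line has no
    argument list, otherwise a list with int values and None for unrecovered '?'."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headings such as 'APIs' / 'Strings' and anything unparseable
        raw = m.group("args")
        args = None
        if raw is not None:
            args = [None if a.strip() == "?" else int(a, 16)
                    for a in raw.split(",") if a.strip()]
        records.append({"api": m.group("api"), "module": m.group("module"),
                        "args": args, "ref": int(m.group("ref"), 16)})
    return records


def decode_load_library_flags(flags):
    """Expand a dwFlags value into its named bits, flagging any unknown bits."""
    names = [name for bit, name in sorted(LOAD_LIBRARY_FLAGS.items()) if flags & bit]
    leftover = flags & ~sum(LOAD_LIBRARY_FLAGS)
    if leftover:
        names.append(f"UNKNOWN_0x{leftover:X}")
    return names


def may_execute_loaded_module(records):
    """True if some LoadLibraryExW call in the function could run the target's DllMain,
    i.e. its dwFlags (3rd argument) is unrecovered or lacks every data/resource flag."""
    for r in records:
        if r["api"] == "LoadLibraryExW" and r["args"] and len(r["args"]) >= 3:
            flags = r["args"][2]
            if flags is None or not flags & NO_EXEC_FLAGS:
                return True
    return False


def module_histogram(records):
    """Count API references per module, a quick view of what a function touches."""
    return Counter(r["module"] for r in records)


if __name__ == "__main__":
    recs = parse_api_lines(SAMPLE_LINES)
    for r in recs:
        if r["api"] == "LoadLibraryExW":
            print(f"{r['ref']:08X} LoadLibraryExW flags:",
                  ", ".join(decode_load_library_flags(r["args"][2])))
    print("could execute loaded module:", may_execute_loaded_module(recs))
    print(dict(module_histogram(recs)))
```

On the page's own `00000032` the decoder yields `LOAD_LIBRARY_AS_DATAFILE | LOAD_IGNORE_CODE_AUTHZ_LEVEL | LOAD_LIBRARY_AS_IMAGE_RESOURCE`, which is consistent with the `.dll$.exe$.icl` strings and the surrounding `LoadImageW`/`ExtractIconExW` calls: the function maps files to pull icons out of them rather than to execute them. The check errs on the side of caution when the flags argument is `?`.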
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID:
• String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
• API String ID: 0-1645009161
• Opcode ID: ac3c842c643f9bdfb8c0c6dd8fcee91513e623c30f9cd2a5e6f156328a2d4e42
• Instruction ID: 741fc19e868a800a1154f2b19e1f5fab6c86d4e170e9f9d27acb953ceb4ee0a0
• Opcode Fuzzy Hash: ac3c842c643f9bdfb8c0c6dd8fcee91513e623c30f9cd2a5e6f156328a2d4e42
• Instruction Fuzzy Hash: 2F812B71674226BBDB24AFA0EC42FAE7768AF16340F044025FD04AB196EB74D971CB91
APIs
• CharLowerBuffW.USER32(?,?), ref: 00293EF8
• _wcslen.LIBCMT ref: 00293F03
• _wcslen.LIBCMT ref: 00293F5A
• _wcslen.LIBCMT ref: 00293F98
• GetDriveTypeW.KERNEL32(?), ref: 00293FD6
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0029401E
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00294059
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00294087
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                                                                              • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1839972693-4113822522
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 65d2d78a7bbc8328c75434368c3e6aacc1bc765b2eddb1d90d9ef07caf1846b3
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0bbeb6a16f4595526cf9cf78b9fa89d02fa84c0dcf501ebfc46ac3e97105845e
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 65d2d78a7bbc8328c75434368c3e6aacc1bc765b2eddb1d90d9ef07caf1846b3
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C971F3325242129FCB10EF24C88486EB7F4EFA4758F50492DF89593251EB31ED66CB91
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • LoadIconW.USER32(00000063), ref: 00285A2E
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00285A40
                                                                                                                                                                                                                                                                                                                                                              • SetWindowTextW.USER32(?,?), ref: 00285A57
                                                                                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EA), ref: 00285A6C
                                                                                                                                                                                                                                                                                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 00285A72
                                                                                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E9), ref: 00285A82
                                                                                                                                                                                                                                                                                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 00285A88
                                                                                                                                                                                                                                                                                                                                                              • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00285AA9
                                                                                                                                                                                                                                                                                                                                                              • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00285AC3
                                                                                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00285ACC
                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00285B33
                                                                                                                                                                                                                                                                                                                                                              • SetWindowTextW.USER32(?,?), ref: 00285B6F
                                                                                                                                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 00285B75
                                                                                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000), ref: 00285B7C
                                                                                                                                                                                                                                                                                                                                                              • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00285BD3
                                                                                                                                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00285BE0
                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000005,00000000,?), ref: 00285C05
                                                                                                                                                                                                                                                                                                                                                              • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00285C2F
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 895679908-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 19c5a95b9e3358fac069529dddc6b8d4942b265bc26f86ebdcf2caa1af655448
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 529b90767176c0ef59b91704741c53d1b7b9e2e03344c3a34be43791f9b3e290
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 19c5a95b9e3358fac069529dddc6b8d4942b265bc26f86ebdcf2caa1af655448
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7871A135911B16AFDB20EFA8CD89E6EBBF5FF48704F104618E182A25A4D770E950CF50
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F89), ref: 0029FE27
                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F8A), ref: 0029FE32
                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 0029FE3D
                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F03), ref: 0029FE48
                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F8B), ref: 0029FE53
                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F01), ref: 0029FE5E
                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F81), ref: 0029FE69
                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F88), ref: 0029FE74
                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F80), ref: 0029FE7F
                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F86), ref: 0029FE8A
                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F83), ref: 0029FE95
                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F85), ref: 0029FEA0
• LoadCursorW.USER32(00000000,00007F82), ref: 0029FEAB
• LoadCursorW.USER32(00000000,00007F84), ref: 0029FEB6
• LoadCursorW.USER32(00000000,00007F04), ref: 0029FEC1
• LoadCursorW.USER32(00000000,00007F02), ref: 0029FECC
• GetCursorInfo.USER32(?), ref: 0029FEDC
• GetLastError.KERNEL32 ref: 0029FF1E
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Cursor$Load$ErrorInfoLast
• String ID:
• API String ID: 3215588206-0
• Opcode ID: 645b5b9bf65171aebe5d2fd6ab7384ec43061c3ce57222a9dae081df3f3b0ddf
• Instruction ID: 3613e054dd643fce6f18aa7b6e1ed1a9b0861555bb2f3c57bea9ea7a3724084f
• Opcode Fuzzy Hash: 645b5b9bf65171aebe5d2fd6ab7384ec43061c3ce57222a9dae081df3f3b0ddf
• Instruction Fuzzy Hash: 1E4174B0D0431A6ADB50DFBA9C8985EBFE8FF04354B50452AE11DE7681DB789901CE90
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: _wcslen
• String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[.
• API String ID: 176396367-1021860529
• Opcode ID: 8e48f9b90d1f4e41a2ac50cb2765985782070deb08cb38d1e0b0a47221b33ef7
• Instruction ID: 809bacf055c944bbc15e124bfe72ef5ffd73b62e0ed9790e4c873b07d9597be8
• Opcode Fuzzy Hash: 8e48f9b90d1f4e41a2ac50cb2765985782070deb08cb38d1e0b0a47221b33ef7
• Instruction Fuzzy Hash: 89E10936A31526ABCB18EFB8C4517EDF7B0BF44B10F544119E856F7280DB70AE658B90
APIs
• __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 002400C6
  • Part of subcall function 002400ED: InitializeCriticalSectionAndSpinCount.KERNEL32(002F070C,00000FA0,B42CE972,?,?,?,?,002623B3,000000FF), ref: 0024011C
  • Part of subcall function 002400ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,002623B3,000000FF), ref: 00240127
  • Part of subcall function 002400ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,002623B3,000000FF), ref: 00240138
  • Part of subcall function 002400ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0024014E
  • Part of subcall function 002400ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0024015C
  • Part of subcall function 002400ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0024016A
  • Part of subcall function 002400ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00240195
  • Part of subcall function 002400ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 002401A0
• ___scrt_fastfail.LIBCMT ref: 002400E7
  • Part of subcall function 002400A3: __onexit.LIBCMT ref: 002400A9
Strings
• SleepConditionVariableCS, xrefs: 00240154
• InitializeConditionVariable, xrefs: 00240148
• api-ms-win-core-synch-l1-2-0.dll, xrefs: 00240122
• WakeAllConditionVariable, xrefs: 00240162
• kernel32.dll, xrefs: 00240133
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
• String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
• API String ID: 66158676-1714406822
• Opcode ID: c8958ebd4eb84733be8e6fa2321416e489ea00d9a57417f03897387bfa5b3628
• Instruction ID: c9a01f6c4258b6ce16ac58047e2b5780d750e04336441007ec5f5fe43050e672
• Opcode Fuzzy Hash: c8958ebd4eb84733be8e6fa2321416e489ea00d9a57417f03897387bfa5b3628
• Instruction Fuzzy Hash: 85213B32A747026BD7146F68BDCDB697394DF05FA1F100235FA09A2292DB709C608EA0
APIs
• CharLowerBuffW.USER32(00000000,00000000,002BCC08), ref: 00294527
• _wcslen.LIBCMT ref: 0029453B
• _wcslen.LIBCMT ref: 00294599
• _wcslen.LIBCMT ref: 002945F4
• _wcslen.LIBCMT ref: 0029463F
• _wcslen.LIBCMT ref: 002946A7
  • Part of subcall function 0023F9F2: _wcslen.LIBCMT ref: 0023F9FD
• GetDriveTypeW.KERNEL32(?,002E6BF0,00000061), ref: 00294743
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharDriveLowerType
• String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
• API String ID: 2055661098-1000479233
APIs
  • Part of subcall function 00239BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00239BB2
• DragQueryPoint.SHELL32(?,?), ref: 002B9147
  • Part of subcall function 002B7674: ClientToScreen.USER32(?,?), ref: 002B769A
  • Part of subcall function 002B7674: GetWindowRect.USER32(?,?), ref: 002B7710
  • Part of subcall function 002B7674: PtInRect.USER32(?,?,002B8B89), ref: 002B7720
• SendMessageW.USER32(?,000000B0,?,?), ref: 002B91B0
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 002B91BB
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 002B91DE
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 002B9225
• SendMessageW.USER32(?,000000B0,?,?), ref: 002B923E
• SendMessageW.USER32(?,000000B1,?,?), ref: 002B9255
• SendMessageW.USER32(?,000000B1,?,?), ref: 002B9277
• DragFinish.SHELL32(?), ref: 002B927E
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 002B9371
Strings
Similarity
• API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
• String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#/
• API String ID: 221274066-3684176132
APIs
• GetMenuItemCount.USER32(002F1990), ref: 00262F8D
• GetMenuItemCount.USER32(002F1990), ref: 0026303D
• GetCursorPos.USER32(?), ref: 00263081
• SetForegroundWindow.USER32(00000000), ref: 0026308A
• TrackPopupMenuEx.USER32(002F1990,00000000,?,00000000,00000000,00000000), ref: 0026309D
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 002630A9
Strings
Similarity
• API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
• String ID: 0
• API String ID: 36266755-4108050209
APIs
• DestroyWindow.USER32(00000000,?), ref: 002B6DEB
  • Part of subcall function 00226B57: _wcslen.LIBCMT ref: 00226B6A
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 002B6E5F
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 002B6E81
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 002B6E94
• DestroyWindow.USER32(?), ref: 002B6EB5
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00220000,00000000), ref: 002B6EE4
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 002B6EFD
• GetDesktopWindow.USER32 ref: 002B6F16
• GetWindowRect.USER32(00000000), ref: 002B6F1D
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 002B6F35
• SendMessageW.USER32(00000000,00000421,?,00000000), ref: 002B6F4D
  • Part of subcall function 00239944: GetWindowLongW.USER32(?,000000EB), ref: 00239952
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
• String ID: 0$tooltips_class32
• API String ID: 2429346358-3619404913
• Opcode ID: 773c8ee8b0b95d84537a95a4f25ed62c2f08a9c41bcf782e18a878f62d916fae
• Instruction ID: 8e5565685fcabaa9ad3f7cbe4aa4268994412c770d2c7c44c1418c7fb357417d
• Opcode Fuzzy Hash: 773c8ee8b0b95d84537a95a4f25ed62c2f08a9c41bcf782e18a878f62d916fae
• Instruction Fuzzy Hash: 39719771510241AFDB24CF28EC48FBABBE9FB89344F54052DF98987261C7B4E925CB11
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0029C4B0
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0029C4C3
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0029C4D7
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0029C4F0
• InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0029C533
• InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0029C549
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0029C554
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0029C584
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0029C5DC
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0029C5F0
• InternetCloseHandle.WININET(00000000), ref: 0029C5FB
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
• String ID:
• API String ID: 3800310941-3916222277
• Opcode ID: 674060b9e742f9099b9b02726f82a59459f87d2fe46d72ce55fc07be75fa50b2
• Instruction ID: 49f83fcdcc18e4b183a47bc1a52de9bcadba39675e2a3eb17faf5d2315f6315b
• Opcode Fuzzy Hash: 674060b9e742f9099b9b02726f82a59459f87d2fe46d72ce55fc07be75fa50b2
• Instruction Fuzzy Hash: 36516CB0510209BFEF218F60DD88AAB7BFCFF08754F60451AF946A6210DB70E954EB60
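Added example, not part of the Joe Sandbox report or of the analysed sample: a small Python decoder for the "APIs" lines in the entries above. It parses each line, names the Win32 constants the calls pass (values from the SDK headers wininet.h, commctrl.h and winuser.h) and flags the one call that matters for network analysis: at ref 0029C549 the function reads INTERNET_OPTION_SECURITY_FLAGS (0x1F) and then writes back 0x100, which is SECURITY_FLAG_IGNORE_UNKNOWN_CA, so HttpSendRequestW will complete even when the server certificate chains to an untrusted CA. Assumptions: the report prints the DWORD held in the option buffer rather than the buffer pointer (the 00000004 length argument supports that reading), and the sample lines embedded in the block are copied verbatim from the entries above.

```python
"""Decode the argument constants in Joe Sandbox "APIs" lines (added example)."""
import re
from typing import Optional

# One report line, e.g. "• InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0029C549".
# The optional "Part of subcall function XXXX:" prefix and the missing "()" of
# argument-less calls such as "GetDesktopWindow.USER32 ref: 002B6F16" are handled.
API_LINE = re.compile(
    r"^•?\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
HEX8 = re.compile(r"^[0-9A-Fa-f]{8}$")  # numeric argument as the report prints it

WM_USER = 0x0400
MESSAGE_NAMES = {                      # SendMessageW uMsg values seen above
    0x0172: "STM_SETIMAGE",
    WM_USER + 24: "TTM_SETMAXTIPWIDTH",
    WM_USER + 33: "TTM_SETTITLEW",
    WM_USER + 50: "TTM_ADDTOOLW",
    WM_USER + 51: "TTM_DELTOOLW",
}
INTERNET_OPTIONS = {0x1F: "INTERNET_OPTION_SECURITY_FLAGS"}
SECURITY_FLAGS = {                     # wininet.h SECURITY_FLAG_IGNORE_* bits
    0x0100: "SECURITY_FLAG_IGNORE_UNKNOWN_CA",
    0x1000: "SECURITY_FLAG_IGNORE_CERT_CN_INVALID",
    0x2000: "SECURITY_FLAG_IGNORE_CERT_DATE_INVALID",
    0x0200: "SECURITY_FLAG_IGNORE_WRONG_USAGE",
}
HTTP_QUERY = {0x05: "HTTP_QUERY_CONTENT_LENGTH"}


def parse_api_line(line: str) -> Optional[dict]:
    """Return {api, module, args, ref} for a report line, or None for non-API text."""
    m = API_LINE.match(line.strip())
    if not m:
        return None
    raw = m["args"].split(",") if m["args"] else []
    args = [int(a, 16) if HEX8.match(a) else a for a in raw]  # "?" and strings stay as-is
    return {"api": m["name"], "module": m["module"], "args": args, "ref": int(m["ref"], 16)}


def flag_names(value: int, table: dict) -> list:
    """Split a bitmask into known flag names plus any unknown remainder."""
    names = [name for bit, name in table.items() if value & bit]
    leftover = value
    for bit in table:
        leftover &= ~bit
    if leftover:
        names.append(f"0x{leftover:X}")
    return names


def decode(call: dict) -> dict:
    """Attach symbolic names to the constants a parsed call passes."""
    api, args = call["api"], call["args"]
    notes, weak_tls = [], False

    def num(i):  # integer argument i, or None if absent / printed as "?"
        return args[i] if i < len(args) and isinstance(args[i], int) else None

    if api == "SendMessageW" and num(1) is not None:
        notes.append(MESSAGE_NAMES.get(num(1), f"WM_0x{num(1):X}"))
    elif api in ("InternetSetOptionW", "InternetQueryOptionW") and num(1) is not None:
        notes.append(INTERNET_OPTIONS.get(num(1), f"option 0x{num(1):X}"))
        # Assumption: the report shows the DWORD in lpBuffer, not the pointer.
        if api == "InternetSetOptionW" and num(1) == 0x1F and num(2) is not None:
            flags = flag_names(num(2), SECURITY_FLAGS)
            notes.extend(flags)
            weak_tls = any(f.startswith("SECURITY_FLAG_IGNORE_") for f in flags)
    elif api == "HttpQueryInfoW" and num(1) is not None:
        notes.append(HTTP_QUERY.get(num(1) & 0xFFFF, f"HTTP_QUERY_0x{num(1):X}"))
    return {**call, "notes": notes, "weak_tls": weak_tls}


def analyze(report_lines: list) -> list:
    return [decode(c) for c in (parse_api_line(l) for l in report_lines) if c]


def weak_tls_refs(report_lines: list) -> list:
    """Addresses of calls that switch off a certificate check."""
    return [c["ref"] for c in analyze(report_lines) if c["weak_tls"]]


# Sample input: lines copied from the report entries above.
SAMPLE = """
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0029C4B0
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0029C4F0
• InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0029C533
• InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0029C549
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0029C554
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0029C584
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 002B6E5F
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 002B6E81
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 002B6F35
• GetDesktopWindow.USER32 ref: 002B6F16
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 002B86AF
""".strip().splitlines()

if __name__ == "__main__":
    for c in analyze(SAMPLE):
        mark = "  <-- certificate check disabled" if c["weak_tls"] else ""
        print(f"{c['ref']:08X} {c['api']:<22} {' | '.join(c['notes'])}{mark}")
```

Running it prints one line per call; only 0029C549 gets the marker. The tooltip entry decodes to the familiar TTM_DELTOOLW / TTM_ADDTOOLW / TTM_SETMAXTIPWIDTH / TTM_SETTITLEW sequence of a tooltip helper, and 0x172 in the image entry is STM_SETIMAGE, which is consistent with the runtime of a compiled AutoIt script rather than with script-specific logic; the WinINet option write is the part worth correlating with the "Connects to many different domains" signature.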
APIs
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 002B8592
• GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 002B85A2
• GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 002B85AD
• CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 002B85BA
• GlobalLock.KERNEL32(00000000), ref: 002B85C8
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 002B85D7
• GlobalUnlock.KERNEL32(00000000), ref: 002B85E0
• CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 002B85E7
• CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 002B85F8
• OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,002BFC38,?), ref: 002B8611
• GlobalFree.KERNEL32(00000000), ref: 002B8621
• GetObjectW.GDI32(?,00000018,?), ref: 002B8641
• CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 002B8671
• DeleteObject.GDI32(?), ref: 002B8699
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 002B86AF
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3840717409-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a1833225157e91772fcb6e58b833b8654e035b88ff921ec339fcdf01d6104310
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 22716f3e4dc177cd790d759b38b3188087caa130c95e2be5730dc1f8aadc7d2c
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a1833225157e91772fcb6e58b833b8654e035b88ff921ec339fcdf01d6104310
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 30411975610205AFDB119FA5DC4CEAA7BBCEF89751F204159F909E7260DB70AD01CF60
APIs
• VariantInit.OLEAUT32(00000000), ref: 00291502
• VariantCopy.OLEAUT32(?,?), ref: 0029150B
• VariantClear.OLEAUT32(?), ref: 00291517
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 002915FB
• VarR8FromDec.OLEAUT32(?,?), ref: 00291657
• VariantInit.OLEAUT32(?), ref: 00291708
• SysFreeString.OLEAUT32(?), ref: 0029178C
• VariantClear.OLEAUT32(?), ref: 002917D8
• VariantClear.OLEAUT32(?), ref: 002917E7
• VariantInit.OLEAUT32(00000000), ref: 00291823
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
• String ID: %4d%02d%02d%02d%02d%02d$Default
• API String ID: 1234038744-3931177956
• Opcode ID: ffb52b6b3cbab24caf3c61d7dd97b11759749fffd40b2480d08a82e1c6b5e5d9
• Instruction ID: f2a3e343ab19986ae1806194f9e28e29dff33a1f36bf03c86012777b678c2306
• Opcode Fuzzy Hash: ffb52b6b3cbab24caf3c61d7dd97b11759749fffd40b2480d08a82e1c6b5e5d9
• Instruction Fuzzy Hash: 9BD10171A20116EBDF009FA6E888B79B7B5BF45700F628066F446AB290DB70DC71DB61
APIs
  • Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
  • Part of subcall function 002AC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,002AB6AE,?,?), ref: 002AC9B5
  • Part of subcall function 002AC998: _wcslen.LIBCMT ref: 002AC9F1
  • Part of subcall function 002AC998: _wcslen.LIBCMT ref: 002ACA68
  • Part of subcall function 002AC998: _wcslen.LIBCMT ref: 002ACA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 002AB6F4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 002AB772
• RegDeleteValueW.ADVAPI32(?,?), ref: 002AB80A
• RegCloseKey.ADVAPI32(?), ref: 002AB87E
• RegCloseKey.ADVAPI32(?), ref: 002AB89C
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 002AB8F2
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 002AB904
• RegDeleteKeyW.ADVAPI32(?,?), ref: 002AB922
• FreeLibrary.KERNEL32(00000000), ref: 002AB983
• RegCloseKey.ADVAPI32(00000000), ref: 002AB994
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 146587525-4033151799
• Opcode ID: db40da90fd6d3bef39b04b0d4dd4046c774822d20fe3c7df0b228fb098f98e82
• Instruction ID: 3ee6592d38b5011d69d69267e0f8794c66d489e0a820a801d2559a272ee4fccb
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: db40da90fd6d3bef39b04b0d4dd4046c774822d20fe3c7df0b228fb098f98e82
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1FC1AC31228202AFC711DF54C494F2ABBE5BF85308F24859CF49A4B6A2CB75EC55CF91
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetDC.USER32(00000000), ref: 002A25D8
                                                                                                                                                                                                                                                                                                                                                              • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 002A25E8
                                                                                                                                                                                                                                                                                                                                                              • CreateCompatibleDC.GDI32(?), ref: 002A25F4
                                                                                                                                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 002A2601
                                                                                                                                                                                                                                                                                                                                                              • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 002A266D
                                                                                                                                                                                                                                                                                                                                                              • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 002A26AC
                                                                                                                                                                                                                                                                                                                                                              • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 002A26D0
                                                                                                                                                                                                                                                                                                                                                              • SelectObject.GDI32(?,?), ref: 002A26D8
                                                                                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 002A26E1
                                                                                                                                                                                                                                                                                                                                                              • DeleteDC.GDI32(?), ref: 002A26E8
                                                                                                                                                                                                                                                                                                                                                              • ReleaseDC.USER32(00000000,?), ref: 002A26F3
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                                                                              • String ID: (
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 8e602b5d6ad8da51616cc6d6246cb5262f680480fcba167aa5152aab449d6284
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 4713a2d7f0e57a520ae8de9e47aec1deaf4f97b6a81658ac73c571873318aa0e
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8e602b5d6ad8da51616cc6d6246cb5262f680480fcba167aa5152aab449d6284
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C461E375D10219EFCF04CFA8D984EAEBBB9FF48710F208529E955A7250D770A951CF60
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • ___free_lconv_mon.LIBCMT ref: 0025DAA1
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0025D63C: _free.LIBCMT ref: 0025D659
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0025D63C: _free.LIBCMT ref: 0025D66B
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0025D63C: _free.LIBCMT ref: 0025D67D
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0025D63C: _free.LIBCMT ref: 0025D68F
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0025D63C: _free.LIBCMT ref: 0025D6A1
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0025D63C: _free.LIBCMT ref: 0025D6B3
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0025D63C: _free.LIBCMT ref: 0025D6C5
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0025D63C: _free.LIBCMT ref: 0025D6D7
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0025D63C: _free.LIBCMT ref: 0025D6E9
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0025D63C: _free.LIBCMT ref: 0025D6FB
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0025D63C: _free.LIBCMT ref: 0025D70D
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0025D63C: _free.LIBCMT ref: 0025D71F
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0025D63C: _free.LIBCMT ref: 0025D731
                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0025DA96
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 002529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0025D7D1,00000000,00000000,00000000,00000000,?,0025D7F8,00000000,00000007,00000000,?,0025DBF5,00000000), ref: 002529DE
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 002529C8: GetLastError.KERNEL32(00000000,?,0025D7D1,00000000,00000000,00000000,00000000,?,0025D7F8,00000000,00000007,00000000,?,0025DBF5,00000000,00000000), ref: 002529F0
                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0025DAB8
                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0025DACD
                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0025DAD8
                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0025DAFA
                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0025DB0D
                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0025DB1B
                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0025DB26
                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0025DB5E
                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0025DB65
                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0025DB82
                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0025DB9A
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast___free_lconv_mon
• String ID:
• API String ID: 161543041-0
• Opcode ID: 5e359d7abdf3545672e52669d754ada047806dc6aeebff6a1698882669f3204f
• Instruction ID: cc363d0aac93c390edd61f6b1394b54e14642b04fe233f52b015fc7bc7ce91b6
• Opcode Fuzzy Hash: 5e359d7abdf3545672e52669d754ada047806dc6aeebff6a1698882669f3204f
• Instruction Fuzzy Hash: 6E315C31664306DFEB31AE39E845B9677E9FF01312F215419E848E7291DE31EC68CB28
APIs
• GetClassNameW.USER32(?,?,00000100), ref: 0028369C
• _wcslen.LIBCMT ref: 002836A7
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00283797
• GetClassNameW.USER32(?,?,00000400), ref: 0028380C
• GetDlgCtrlID.USER32(?), ref: 0028385D
• GetWindowRect.USER32(?,?), ref: 00283882
• GetParent.USER32(?), ref: 002838A0
• ScreenToClient.USER32(00000000), ref: 002838A7
• GetClassNameW.USER32(?,?,00000100), ref: 00283921
• GetWindowTextW.USER32(?,?,00000400), ref: 0028395D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
• String ID: %s%u
• API String ID: 4010501982-679674701
• Opcode ID: 258a0a0e3467506a4be5b6233c5c685741209fd71edb3111902acf643c738d83
• Instruction ID: b9a207b18d4bc93e2ca65e27b5e8ea3eaafceedbe0bf684d89876fec08457486
• Opcode Fuzzy Hash: 258a0a0e3467506a4be5b6233c5c685741209fd71edb3111902acf643c738d83
• Instruction Fuzzy Hash: 5591D575215617AFD709EF24C884FAAF7A8FF44710F004619F999C21D0DB70EA65CB91
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 00284994
• GetWindowTextW.USER32(?,?,00000400), ref: 002849DA
• _wcslen.LIBCMT ref: 002849EB
• CharUpperBuffW.USER32(?,00000000), ref: 002849F7
• _wcsstr.LIBVCRUNTIME ref: 00284A2C
• GetClassNameW.USER32(00000018,?,00000400), ref: 00284A64
• GetWindowTextW.USER32(?,?,00000400), ref: 00284A9D
• GetClassNameW.USER32(00000018,?,00000400), ref: 00284AE6
• GetClassNameW.USER32(?,?,00000400), ref: 00284B20
• GetWindowRect.USER32(?,?), ref: 00284B8B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
• String ID: ThumbnailClass
• API String ID: 1311036022-1241985126
• Opcode ID: 508ffd7a93c037e10da4d5ca6f7e590a6473334f402156923d28cdfdee16c5ee
• Instruction ID: 73a0a57b68d8dad686b2c7069abf6fee23e31569259ef294bc154726d85269a9
• Opcode Fuzzy Hash: 508ffd7a93c037e10da4d5ca6f7e590a6473334f402156923d28cdfdee16c5ee
• Instruction Fuzzy Hash: B391BE354262079BDB08FF14C885FAA77A8FF84308F04446AFD859A0D6DB30ED65CBA1
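The per-function "APIs" listings on this page are long and repetitive; a reviewer usually wants them reduced to "which functions touch window enumeration, which touch menus, which post messages". The following parser is an added example written for this page and is not part of Joe Sandbox or its IDA plugin. It assumes only the line shapes visible in the report (an `APIs` heading, one bullet per call of the form `Name.MODULE(args), ref: ADDR`, optional `Part of subcall function ADDR:` prefix, and `API ID:` / `String ID:` bullets under `Similarity`); the `TRIAGE` categories are my own grouping, not a classification the report makes. The sample text is a constructed excerpt copied from the listings above.

```python
"""Reduce Joe Sandbox per-function 'APIs' listings to call lists and triage tags.

Added example for this page; not Joe Sandbox code. Assumes the line shapes
seen in the report: 'APIs' heading, '• Name.MODULE(args), ref: ADDR' bullets
(optionally prefixed 'Part of subcall function ADDR:'), then a 'Similarity'
section with '• API ID:' and '• String ID:' bullets.
"""
import re
from collections import Counter

# One call bullet. 'args' is absent for calls listed without parentheses
# (e.g. '_wcslen.LIBCMT ref: 002836A7').
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function\s+(?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# Key/value bullets we keep from the Similarity section.
KV_LINE = re.compile(r"^\s*•\s*(API ID|String ID|API String ID):\s*(.*?)\s*$")

# Hypothetical triage map (my assumption for this example): USER32 calls a
# reviewer would want flagged, grouped by what they let the sample do.
TRIAGE = {
    "window_inspection": {"GetClassNameW", "GetWindowTextW", "GetWindowRect", "GetParent"},
    "menu_manipulation": {"GetMenuItemInfoW", "GetMenuItemCount", "GetMenuItemID",
                          "CheckMenuRadioItem"},
    "message_injection": {"SendMessageTimeoutW", "PostMessageW"},
}


def parse_blocks(text):
    """Return one dict per function block: its calls plus the API/String IDs."""
    blocks, cur = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":            # a new function block starts here
            cur = {"calls": [], "api_id": None, "string_id": None}
            blocks.append(cur)
            continue
        if cur is None:
            continue
        m = API_LINE.match(line)
        if m:
            cur["calls"].append({
                "name": m["name"],
                "module": m["module"],
                "args": m["args"].split(",") if m["args"] is not None else [],
                "ref": int(m["ref"], 16),
                "subcall": int(m["sub"], 16) if m["sub"] else None,
            })
            continue
        m = KV_LINE.match(line)
        if m:
            key = {"API ID": "api_id", "String ID": "string_id"}.get(m[1])
            if key:
                cur[key] = m[2]
    return blocks


def triage(block):
    """Sorted triage tags whose API set intersects the block's call names."""
    names = {c["name"] for c in block["calls"]}
    return sorted(tag for tag, apis in TRIAGE.items() if names & apis)


def module_histogram(blocks):
    """How many listed calls land in each import module (USER32, LIBCMT, ...)."""
    return Counter(c["module"] for b in blocks for c in b["calls"])


# Constructed excerpt, copied from the listings on this page.
SAMPLE = """\
APIs
• GetClassNameW.USER32(?,?,00000100), ref: 0028369C
• _wcslen.LIBCMT ref: 002836A7
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00283797
• GetWindowRect.USER32(?,?), ref: 00283882
• GetParent.USER32(?), ref: 002838A0
• GetWindowTextW.USER32(?,?,00000400), ref: 0028395D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
• String ID: %s%u
• API String ID: 4010501982-679674701
APIs
  • Part of subcall function 00239BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00239BB2
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 002B8D5A
• GetFocus.USER32 ref: 002B8D6A
• GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 002B8F2E
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 002B8FA1
Strings
"""

if __name__ == "__main__":
    for i, b in enumerate(parse_blocks(SAMPLE)):
        print(i, b["api_id"], b["string_id"], triage(b))
    print(module_histogram(parse_blocks(SAMPLE)))
```

Running the block prints one line per function block with its API ID, String ID and triage tags, then the module histogram; the `ref` and `subcall` addresses are kept as integers so they can be compared directly with the offsets in the `Memory Dump Source` lines.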
APIs
  • Part of subcall function 00239BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00239BB2
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 002B8D5A
• GetFocus.USER32 ref: 002B8D6A
• GetDlgCtrlID.USER32(00000000), ref: 002B8D75
• DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 002B8E1D
• GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 002B8ECF
• GetMenuItemCount.USER32(?), ref: 002B8EEC
• GetMenuItemID.USER32(?,00000000), ref: 002B8EFC
• GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 002B8F2E
• GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 002B8F70
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 002B8FA1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1026556194-4108050209
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 456a2418c971f1644269f5322956e04cadfa45472253c04bf831df5771b11a73
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 76a8fff3fa3f85ef73d866a88bda5d0f05129b7d1e123ac0e79b1bf0393c4d36
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 456a2418c971f1644269f5322956e04cadfa45472253c04bf831df5771b11a73
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0C8181715243029FDB10CF24D884ABBB7EDFF88794F140619F99997291DB70D921CBA2
APIs
• GetMenuItemInfoW.USER32(002F1990,000000FF,00000000,00000030), ref: 0028BFAC
• SetMenuItemInfoW.USER32(002F1990,00000004,00000000,00000030), ref: 0028BFE1
• Sleep.KERNEL32(000001F4), ref: 0028BFF3
• GetMenuItemCount.USER32(?), ref: 0028C039
• GetMenuItemID.USER32(?,00000000), ref: 0028C056
• GetMenuItemID.USER32(?,-00000001), ref: 0028C082
• GetMenuItemID.USER32(?,?), ref: 0028C0C9
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0028C10F
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0028C124
• SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0028C145
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ItemMenu$Info$CheckCountRadioSleep
• String ID: 0
• API String ID: 1460738036-4108050209
• Opcode ID: c1e70b4938536b5d5d7d5815b236f681a4e3ba2f4a764bfe4487e23e442ace72
• Instruction ID: 1156bde7537b7c0cd1af287961ed2e3990643aa5c8193a7e7545e1cd2f917c13
• Opcode Fuzzy Hash: c1e70b4938536b5d5d7d5815b236f681a4e3ba2f4a764bfe4487e23e442ace72
• Instruction Fuzzy Hash: 4961B0B4921246AFDF11EF64DC88EAE7BA8EB05344F604159F815A32C2C775AD24CB70
APIs
• GetFileVersionInfoSizeW.VERSION(?,?), ref: 0028DC20
• GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0028DC46
• _wcslen.LIBCMT ref: 0028DC50
• _wcsstr.LIBVCRUNTIME ref: 0028DCA0
• VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0028DCBC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
• String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
• API String ID: 1939486746-1459072770
• Opcode ID: 3a2bea0fa0d91ef167cb855433148296d32f7f1753b0b5aa487d4c1fa003f75d
• Instruction ID: de9f9636b8bd2e1a658b88d7b83b0d9040f8cdb32682c42ecdf261d9f2a16449
• Opcode Fuzzy Hash: 3a2bea0fa0d91ef167cb855433148296d32f7f1753b0b5aa487d4c1fa003f75d
• Instruction Fuzzy Hash: 914115729602017ADB18BB75EC07EFF776CEF56750F10006AF900A61C2EBB099359BA5
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 002ACC64
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 002ACC8D
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 002ACD48
  • Part of subcall function 002ACC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 002ACCAA
  • Part of subcall function 002ACC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 002ACCBD
  • Part of subcall function 002ACC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 002ACCCF
  • Part of subcall function 002ACC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 002ACD05
  • Part of subcall function 002ACC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 002ACD28
• RegDeleteKeyW.ADVAPI32(?,?), ref: 002ACCF3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                                                                                                                                                                                                                                                              • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2734957052-4033151799
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 3c01e8716be01b4be0c754cb18a33d7007375db93e96ac92fed530a05c4d8cb7
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 51c3bd3c4c6b38ef0c99c65f9b1dd594a3295cbb05726b9493cd05766778bb85
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3c01e8716be01b4be0c754cb18a33d7007375db93e96ac92fed530a05c4d8cb7
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 79318C71911129BBDB209F95EC8CEFFBB7CEF16750F200565B906E2240DB709A45AAB0
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00293D40
                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00293D6D
                                                                                                                                                                                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(?,00000000), ref: 00293D9D
                                                                                                                                                                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00293DBE
                                                                                                                                                                                                                                                                                                                                                              • RemoveDirectoryW.KERNEL32(?), ref: 00293DCE
                                                                                                                                                                                                                                                                                                                                                              • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00293E55
                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00293E60
                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00293E6B
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                                                                                                                              • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 6eb884103f28c7c77fc274bcbf3785e1f322be785565959ca5798eb4e706a6fc
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: e941c6e22859fa85db196f8804fd3181b07785218ada554557118d562abe63f4
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6eb884103f28c7c77fc274bcbf3785e1f322be785565959ca5798eb4e706a6fc
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5331907592420AABDB20DFA0DC49FEB37BCEF89700F6041B5F919D6060EB7097548B24
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • timeGetTime.WINMM ref: 0028E6B4
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0023E551: timeGetTime.WINMM(?,?,0028E6D4), ref: 0023E555
                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(0000000A), ref: 0028E6E1
                                                                                                                                                                                                                                                                                                                                                              • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0028E705
                                                                                                                                                                                                                                                                                                                                                              • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0028E727
                                                                                                                                                                                                                                                                                                                                                              • SetActiveWindow.USER32 ref: 0028E746
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0028E754
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 0028E773
                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(000000FA), ref: 0028E77E
                                                                                                                                                                                                                                                                                                                                                              • IsWindow.USER32 ref: 0028E78A
                                                                                                                                                                                                                                                                                                                                                              • EndDialog.USER32(00000000), ref: 0028E79B
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                                                                                                              • String ID: BUTTON
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0a42e3339b5fc10cf46efeb5e677e7b93f11c7dcc7d8434ad8df7932b5277dbc
• Instruction ID: 5f800751e052b6140dd6cd7d17e31e2b967e30df770b9b2fb27c6e68dc37a0d7
• Opcode Fuzzy Hash: 0a42e3339b5fc10cf46efeb5e677e7b93f11c7dcc7d8434ad8df7932b5277dbc
• Instruction Fuzzy Hash: BC2179B8221215EFFB106F20FC8DA367B6DA756B98B610435F905D21E1DAA1AC24DB24
APIs
• Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
• mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0028EA5D
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0028EA73
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0028EA84
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0028EA96
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0028EAA7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: SendString$_wcslen
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
• API String ID: 2420728520-1007645807
• Opcode ID: 786c22340d452abd149ed745e8be8629101d44575f04f9700cd0ec1469bdb774
• Instruction ID: eccba4a3d8e0f692c1fc0de5f9e687a5671f00371925e6f301505242dcbeae93
• Opcode Fuzzy Hash: 786c22340d452abd149ed745e8be8629101d44575f04f9700cd0ec1469bdb774
• Instruction Fuzzy Hash: 9C1177356B126979D724F7A6EC4EDFF6A7CEBD2F40F400425B401A20D1DE700965CAB0
APIs
• GetKeyboardState.USER32(?), ref: 0028A012
• SetKeyboardState.USER32(?), ref: 0028A07D
• GetAsyncKeyState.USER32(000000A0), ref: 0028A09D
• GetKeyState.USER32(000000A0), ref: 0028A0B4
• GetAsyncKeyState.USER32(000000A1), ref: 0028A0E3
• GetKeyState.USER32(000000A1), ref: 0028A0F4
• GetAsyncKeyState.USER32(00000011), ref: 0028A120
• GetKeyState.USER32(00000011), ref: 0028A12E
• GetAsyncKeyState.USER32(00000012), ref: 0028A157
• GetKeyState.USER32(00000012), ref: 0028A165
• GetAsyncKeyState.USER32(0000005B), ref: 0028A18E
• GetKeyState.USER32(0000005B), ref: 0028A19C
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: a02c46f7d07b243bfe4eb42bbdbe4bc962b3e0b3e143dbad9baa38228f03b8c5
• Instruction ID: be77599590e2c34fa94a8d6ef42d3d0801151f0256b479f4a4b663576e656e53
• Opcode Fuzzy Hash: a02c46f7d07b243bfe4eb42bbdbe4bc962b3e0b3e143dbad9baa38228f03b8c5
• Instruction Fuzzy Hash: 14513B2891638929FB35FF6088147EABFB49F11340F0C458FD5C6575C2EE54AA9CCB62
APIs
• GetDlgItem.USER32(?,00000001), ref: 00285CE2
• GetWindowRect.USER32(00000000,?), ref: 00285CFB
• MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00285D59
• GetDlgItem.USER32(?,00000002), ref: 00285D69
• GetWindowRect.USER32(00000000,?), ref: 00285D7B
• MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00285DCF
• GetDlgItem.USER32(?,000003E9), ref: 00285DDD
• GetWindowRect.USER32(00000000,?), ref: 00285DEF
• MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00285E31
• GetDlgItem.USER32(?,000003EA), ref: 00285E44
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00285E5A
• InvalidateRect.USER32(?,00000000,00000001), ref: 00285E67
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
• API String ID: 3096461208-0
• Opcode ID: 71438245dca7cabf988f6807b20b4a63a7ea3d34303dd3e4b9df826ac19b45ec
• Instruction ID: 41591889a21f2fc3c435bc06e43c9701e973650a0eca7b0c46ca1a38f98178e7
• Opcode Fuzzy Hash: 71438245dca7cabf988f6807b20b4a63a7ea3d34303dd3e4b9df826ac19b45ec
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F4513074B10615AFDF18DF68DD89AAEBBB9FB48310F248229F915E7290D7709E10CB50
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00238F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00238BE8,?,00000000,?,?,?,?,00238BBA,00000000,?), ref: 00238FC5
                                                                                                                                                                                                                                                                                                                                                              • DestroyWindow.USER32(?), ref: 00238C81
                                                                                                                                                                                                                                                                                                                                                              • KillTimer.USER32(00000000,?,?,?,?,00238BBA,00000000,?), ref: 00238D1B
                                                                                                                                                                                                                                                                                                                                                              • DestroyAcceleratorTable.USER32(00000000), ref: 00276973
                                                                                                                                                                                                                                                                                                                                                              • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00238BBA,00000000,?), ref: 002769A1
                                                                                                                                                                                                                                                                                                                                                              • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00238BBA,00000000,?), ref: 002769B8
                                                                                                                                                                                                                                                                                                                                                              • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00238BBA,00000000), ref: 002769D4
                                                                                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 002769E6
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 641708696-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 59503de27329a3d9203e0beae9fc678bb7bb6225fd994e5006e7be1c1a8112ce
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 83bbaf334f6b595101ce52677e8690aa0bc96fda20cf2b5adcdfed7ba1025bac
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 59503de27329a3d9203e0beae9fc678bb7bb6225fd994e5006e7be1c1a8112ce
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 69619E70521B01DFDB299F24E94CB25B7F1FB40362F649929E0469B560CBB1A9B0CF90
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00239944: GetWindowLongW.USER32(?,000000EB), ref: 00239952
                                                                                                                                                                                                                                                                                                                                                              • GetSysColor.USER32(0000000F), ref: 00239862
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: ColorLongWindow
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 259745315-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7329b884cf8b849d790e9626633999e0172e7e2d3618d6f101bb5e5672915ead
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 35384f9b0cff17c89b35e06de7aac5994482b882b49082fcf2de484b3bc1632b
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7329b884cf8b849d790e9626633999e0172e7e2d3618d6f101bb5e5672915ead
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4C41E471124640AFDB205F3CAC88BBA3BA5EB47330F644615F9A6972E1C7B19CA1DF10
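Each function block in this listing repeats the same line grammar: a section header (APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin, Similarity), bullet lines of the form `Name.MODULE(args), ref: addr` (a subcall entry carries a `Part of subcall function addr:` prefix, and a CRT entry such as `_wcslen.LIBCMT` has no argument list), and a Similarity section whose `Instruction Fuzzy Hash` line closes the block. The parser below is an added example written for this page, not code from Joe Sandbox; `parse_listing`, `FunctionRecord`, `flag` and the `SAMPLE` text are my own names, the sample is constructed from blocks of this report (its second block is deliberately cut off before the Similarity section, as the last block on the page is), and the grammar is inferred from the visible listing rather than from any published Joe Sandbox specification.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of the function listing above; values are copied
# from this report. The second block is cut off before its Similarity section.
SAMPLE = """\
APIs
  • Part of subcall function 00238F62: InvalidateRect.USER32(?,00000000,00000001,?), ref: 00238FC5
• DestroyWindow.USER32(?), ref: 00238C81
• KillTimer.USER32(00000000,?,?,?,?,00238BBA,00000000,?), ref: 00238D1B
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
• Opcode ID: 59503de27329a3d9203e0beae9fc678bb7bb6225fd994e5006e7be1c1a8112ce
• Instruction Fuzzy Hash: 69619E70521B01DFDB299F24E94CB25B7F1FB40362F649929E0469B560CBB1A9B0CF90
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001), ref: 00289717
• LoadStringW.USER32(00000000,?,0026F7F8,00000001), ref: 00289720
  • Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
• MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00289866
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
"""

API_RE = re.compile(r"^(?:Part of subcall function (?P<parent>[0-9A-F]+): )?"
                    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-F]+)$")
HEADERS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
LAST_FIELD = "Instruction Fuzzy Hash"  # last line of every complete function block


@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]
    ref: str            # call-site address
    parent: str | None  # subcall function address, None for a direct call


@dataclass
class FunctionRecord:
    apis: list[ApiCall] = field(default_factory=list)
    source: dict[str, str] = field(default_factory=dict)      # Source File, Offset, based on PE
    associated: list[str] = field(default_factory=list)
    similarity: dict[str, str] = field(default_factory=dict)  # API ID, Opcode ID, fuzzy hashes

    def api_names(self) -> set[str]:
        return {a.name for a in self.apis}


def _clean(raw: str) -> str:
    """Strip indentation, the bullet glyph and the 'Download File' link residue."""
    line = raw.strip().lstrip("•").strip()
    return line[: -len("Download File")] if line.endswith("Download File") else line


def _kv(line: str) -> tuple[str, str]:
    key, _, value = line.partition(":")
    return key.strip(), value.strip()


def parse_listing(text: str) -> list[FunctionRecord]:
    records, cur, section = [], FunctionRecord(), None
    for raw in text.splitlines():
        line = _clean(raw)
        if not line:
            continue
        if line in HEADERS:
            section = line
            continue
        if section == "APIs":
            m = API_RE.match(line)
            if m is None:
                raise ValueError(f"unrecognised API line: {line!r}")
            args = m["args"].split(",") if m["args"] is not None else []
            cur.apis.append(ApiCall(m["name"], m["module"], args, m["ref"], m["parent"]))
        elif section == "Memory Dump Source":
            key, value = _kv(line)
            if key == "Associated":
                cur.associated.append(value)
            else:  # "Source File: X.sdmp, Offset: 00220000, based on PE: true"
                first, *rest = value.split(", ")
                cur.source[key] = first
                cur.source.update(_kv(p) for p in rest)
        elif section == "Similarity":
            key, value = _kv(line)
            cur.similarity[key] = value
            if key == LAST_FIELD:
                records.append(cur)
                cur, section = FunctionRecord(), None
    if cur.apis or cur.similarity:  # trailing block cut off before its last field
        records.append(cur)
    return records


def flag(records: list[FunctionRecord], watchlist: set[str]) -> list[tuple[int, list[str]]]:
    """Index of each function whose direct or subcall APIs hit the watchlist."""
    return [(i, sorted(r.api_names() & watchlist))
            for i, r in enumerate(records) if r.api_names() & watchlist]
```

The Opcode ID and fuzzy-hash values are Joe Sandbox's own identifiers and are kept as opaque strings; the Opcode ID is the natural key for deduplicating functions across reports of related samples, while `flag` is the quick triage step (which functions reach `MessageBoxW`, `LoadStringW` or a timer API). A truncated final block is returned without a Similarity section rather than dropped, so a cut-off page still yields its API calls.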
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID:
• String ID: .$
• API String ID: 0-2510666271
• Opcode ID: e8f437747c7193994fc20e9700afa02a89a69d1d37d591385a9be8c9a42c8ee4
• Instruction ID: 874f730ab4869b4827d9bb45af7d4b017276759bea8aad0a23a649aef0c086f6
• Opcode Fuzzy Hash: e8f437747c7193994fc20e9700afa02a89a69d1d37d591385a9be8c9a42c8ee4
• Instruction Fuzzy Hash: 57C1F27492424AEFCF11DFA8D845BBDBBB0AF49311F144199EC14A7392C7B08999CF64
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0026F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00289717
• LoadStringW.USER32(00000000,?,0026F7F8,00000001), ref: 00289720
  • Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
• GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0026F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00289742
• LoadStringW.USER32(00000000,?,0026F7F8,00000001), ref: 00289745
• MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00289866
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                                                                                              • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e7971bd775551b84fa760fcc6879ff7af0c308c2f44604edd9431d936f50fd23
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: ca83f0b7067acf48dc89c5d7b2c4e23af2a381e6a484085d890d7b2d4ae4c1d2
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e7971bd775551b84fa760fcc6879ff7af0c308c2f44604edd9431d936f50fd23
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 03414F72820219BACB14FBE0EE46DEEB778AF15740F640465F50572092EB356FA8CF61
APIs
  • Part of subcall function 00226B57: _wcslen.LIBCMT ref: 00226B6A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 002807A2
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 002807BE
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 002807DA
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00280804
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0028082C
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00280837
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0028083C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
• String ID: SOFTWARE\Classes\$\CLSID$\IPC$
• API String ID: 323675364-22481851
• Opcode ID: 68c5732795f50771f58405adaf8c1541443d97f0de8424f0c73e39dff043f5ab
• Instruction ID: c59c83063603291e62e3d06b149e64c1270b94a13385f31e8892a36ceb6e01ae
• Opcode Fuzzy Hash: 68c5732795f50771f58405adaf8c1541443d97f0de8424f0c73e39dff043f5ab
• Instruction Fuzzy Hash: 4A411976C20229ABDF15EFE4EC858EDB778BF04350F544569E901A31A1EB305E68CFA0
APIs
• MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 002B403B
• CreateCompatibleDC.GDI32(00000000), ref: 002B4042
• SendMessageW.USER32(?,00000173,00000000,00000000), ref: 002B4055
• SelectObject.GDI32(00000000,00000000), ref: 002B405D
• GetPixel.GDI32(00000000,00000000,00000000), ref: 002B4068
• DeleteDC.GDI32(00000000), ref: 002B4072
• GetWindowLongW.USER32(?,000000EC), ref: 002B407C
• SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 002B4092
• DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 002B409E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
• String ID: static
• API String ID: 2559357485-2160076837
• Opcode ID: ba9025bbc4ee9895bdca656a264c0ffacf9a4d2a80bbe5e237932b71fb4a8def
• Instruction ID: 9e34c487697e2a535a1bdf1f7b5fcbbeed447b58eec2207b22faa69d3eb59675
• Opcode Fuzzy Hash: ba9025bbc4ee9895bdca656a264c0ffacf9a4d2a80bbe5e237932b71fb4a8def
• Instruction Fuzzy Hash: 44316E32511216ABDF21AFA8DC49FEA3B68FF0D364F110311FA58E61A1C775D860DB64
APIs
• VariantInit.OLEAUT32(?), ref: 002A3C5C
• CoInitialize.OLE32(00000000), ref: 002A3C8A
• CoUninitialize.OLE32 ref: 002A3C94
• _wcslen.LIBCMT ref: 002A3D2D
• GetRunningObjectTable.OLE32(00000000,?), ref: 002A3DB1
• SetErrorMode.KERNEL32(00000001,00000029), ref: 002A3ED5
• CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 002A3F0E
                                                                                                                                                                                                                                                                                                                                                              • CoGetObject.OLE32(?,00000000,002BFB98,?), ref: 002A3F2D
                                                                                                                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000000), ref: 002A3F40
                                                                                                                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 002A3FC4
                                                                                                                                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 002A3FD8
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 812da2aaa237ddddca9ec6001d560d73bb7dae9e2cb9d1d2b9402ac1649fa555
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: e3cfbafe991a512884eacc70a386e1a35c8af412f64a84147195f433cf332a1f
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 812da2aaa237ddddca9ec6001d560d73bb7dae9e2cb9d1d2b9402ac1649fa555
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E3C13471628305AFD700DF68C88492BB7E9FF8A748F10491DF98A9B250DB70EE15CB52
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • CoInitialize.OLE32(00000000), ref: 00297AF3
                                                                                                                                                                                                                                                                                                                                                              • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00297B8F
                                                                                                                                                                                                                                                                                                                                                              • SHGetDesktopFolder.SHELL32(?), ref: 00297BA3
                                                                                                                                                                                                                                                                                                                                                              • CoCreateInstance.OLE32(002BFD08,00000000,00000001,002E6E6C,?), ref: 00297BEF
                                                                                                                                                                                                                                                                                                                                                              • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00297C74
                                                                                                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(?,?), ref: 00297CCC
                                                                                                                                                                                                                                                                                                                                                              • SHBrowseForFolderW.SHELL32(?), ref: 00297D57
                                                                                                                                                                                                                                                                                                                                                              • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00297D7A
                                                                                                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00297D81
                                                                                                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00297DD6
                                                                                                                                                                                                                                                                                                                                                              • CoUninitialize.OLE32 ref: 00297DDC
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 1e206332b882d39f1f9e0f9078e3974ced19bc7bbc98494ce2617264345123e2
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 171bf87b90cfab1780f1d392e4670d97d6a28fec6dba28946a3a4a973f2ce35a
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1e206332b882d39f1f9e0f9078e3974ced19bc7bbc98494ce2617264345123e2
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 16C14A75A14119AFCB14DFA4D888DAEBBF9FF48304B1485A9F8199B261C730EE51CF90
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 002B5504
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 002B5515
                                                                                                                                                                                                                                                                                                                                                              • CharNextW.USER32(00000158), ref: 002B5544
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 002B5585
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 002B559B
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 002B55AC
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: MessageSend$CharNext
• String ID:
• API String ID: 1350042424-0
• Opcode ID: ef130d6fc531c4c31a05e91f71d324e09a4fbe66074e3e661dd7bf9c64defe09
• Instruction ID: d68a40f96fcfd6cd4ced73f7f2fc94b63ed827b29009fb3ea618c2d3decb9ba3
• Opcode Fuzzy Hash: ef130d6fc531c4c31a05e91f71d324e09a4fbe66074e3e661dd7bf9c64defe09
• Instruction Fuzzy Hash: E361B030920629EFDF209F54DC84EFE7B79EB093A1F104145F625AA290D7B49AA0DB60
APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0027FAAF
• SafeArrayAllocData.OLEAUT32(?), ref: 0027FB08
• VariantInit.OLEAUT32(?), ref: 0027FB1A
• SafeArrayAccessData.OLEAUT32(?,?), ref: 0027FB3A
• VariantCopy.OLEAUT32(?,?), ref: 0027FB8D
• SafeArrayUnaccessData.OLEAUT32(?), ref: 0027FBA1
• VariantClear.OLEAUT32(?), ref: 0027FBB6
• SafeArrayDestroyData.OLEAUT32(?), ref: 0027FBC3
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0027FBCC
• VariantClear.OLEAUT32(?), ref: 0027FBDE
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0027FBE9
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
• Opcode ID: 25300ef7deb80c69273d8a2e05300b9e47d78784fbb7b7e8fec0b84f6c78a6b4
• Instruction ID: c03469000f845ecabd229c0e7a51ba7cd26799943b24910aae6de9d3dafe4c8e
• Opcode Fuzzy Hash: 25300ef7deb80c69273d8a2e05300b9e47d78784fbb7b7e8fec0b84f6c78a6b4
• Instruction Fuzzy Hash: AE418335A14219EFCF00DFA4D9589AEBBB9FF08344F10C065E959A7261DB30EA55CFA0
APIs
• GetKeyboardState.USER32(?), ref: 00289CA1
• GetAsyncKeyState.USER32(000000A0), ref: 00289D22
• GetKeyState.USER32(000000A0), ref: 00289D3D
• GetAsyncKeyState.USER32(000000A1), ref: 00289D57
• GetKeyState.USER32(000000A1), ref: 00289D6C
• GetAsyncKeyState.USER32(00000011), ref: 00289D84
• GetKeyState.USER32(00000011), ref: 00289D96
• GetAsyncKeyState.USER32(00000012), ref: 00289DAE
• GetKeyState.USER32(00000012), ref: 00289DC0
• GetAsyncKeyState.USER32(0000005B), ref: 00289DD8
• GetKeyState.USER32(0000005B), ref: 00289DEA
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: 689eb01cb751a86551c6a7049d6d78dd46728c4cf84164eca33c12fac9f6cc95
• Instruction ID: b192b43b97eca29978e676b529687d51db49457a42a646491d02dfdea9449d15
• Opcode Fuzzy Hash: 689eb01cb751a86551c6a7049d6d78dd46728c4cf84164eca33c12fac9f6cc95
• Instruction Fuzzy Hash: 274108385157CB6DFF30BF64C8043B5BEA0AB15304F4C805ADAC2565C2D7A5A9E4C796
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 002A05BC
• inet_addr.WSOCK32(?), ref: 002A061C
• gethostbyname.WSOCK32(?), ref: 002A0628
• IcmpCreateFile.IPHLPAPI ref: 002A0636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 002A06C6
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 002A06E5
• IcmpCloseHandle.IPHLPAPI(?), ref: 002A07B9
• WSACleanup.WSOCK32 ref: 002A07BF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
• String ID: Ping
• API String ID: 1028309954-2246546115
• Opcode ID: 9ae602c9335aaa265a792af39c59c6e681cd9e8352a865503d92a83c1b9a1c59
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: af0951451650d66957e3daf3b83457e8202cd9596d235145c94073504df1c1c4
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9ae602c9335aaa265a792af39c59c6e681cd9e8352a865503d92a83c1b9a1c59
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DC919E75524202AFD320CF15D8C8F1ABBE4AF49318F1485A9F46A9B6A2CB70FC55CF91
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharLower
• String ID: cdecl$none$stdcall$winapi
• API String ID: 707087890-567219261
• Opcode ID: 216ed26f933c761386fde4efa8008e341ed429cae4bdeee618301330afc97090
• Instruction ID: aaba70c24c6c216605dc69bf60f66277e5ffec818d6c8c1dd13bd2dd5a6c8678
• Opcode Fuzzy Hash: 216ed26f933c761386fde4efa8008e341ed429cae4bdeee618301330afc97090
• Instruction Fuzzy Hash: 0A519131A20517DBCF14EF68C9409BEB7A5BF66724B604229F426E7284EF30DD60CB90
APIs
• CoInitialize.OLE32 ref: 002A3774
• CoUninitialize.OLE32 ref: 002A377F
• CoCreateInstance.OLE32(?,00000000,00000017,002BFB78,?), ref: 002A37D9
• IIDFromString.OLE32(?,?), ref: 002A384C
• VariantInit.OLEAUT32(?), ref: 002A38E4
• VariantClear.OLEAUT32(?), ref: 002A3936
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
• String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
• API String ID: 636576611-1287834457
• Opcode ID: ce15242e7cf3874b30e4011e7fe78a9d6efe2537adf4f79e0f026608b28d4c8e
• Instruction ID: 4192385f4decce3f9e6b53b326f4705d4c3cd035348c748d7d76b8303bdc8175
• Opcode Fuzzy Hash: ce15242e7cf3874b30e4011e7fe78a9d6efe2537adf4f79e0f026608b28d4c8e
• Instruction Fuzzy Hash: BB61C170628312AFD311DF54D888F6AB7E4EF4A714F10091DF9859B291CB74EE68CB92
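Every function block in this report follows the same plain-text layout: an APIs list (with calls the analyzer attributes to a subcall marked "Part of subcall function"), a Strings list, the memory dump the function was lifted from, and the Similarity identifiers joined with "$". The parser below is an added example and is not part of the Joe Sandbox report or its tooling. It turns two of the blocks shown on this page (copied as constructed sample input with the export's indentation trimmed; the parser also accepts the raw indented export and drops the "Download File" link text) into records and tags each function by notable API usage, keeping direct calls apart from subcall-attributed ones. The CAPABILITY_HINTS mapping and all helper names are the editor's own assumptions, not Joe Sandbox signatures; `str.removesuffix` needs Python 3.9 or later.

```python
"""Parse Joe Sandbox function blocks (APIs / Strings / Memory Dump Source /
Similarity) from the plain-text report export and tag each function with the
capabilities its direct and subcall API usage suggests."""
import re
from dataclasses import dataclass, field
from typing import Optional

SECTION_HEADERS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
# One API entry, bullet removed: [Part of subcall function ADDR: ]Name.MODULE[(args)][,] ref: ADDR
API_LINE = re.compile(r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+): )?(?P<name>[A-Za-z_]\w*)"
                      r"\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$")
SOURCE_LINE = re.compile(r"^(?P<file>.+?\.sdmp), Offset: (?P<off>[0-9A-Fa-f]+), based on PE: (?P<pe>true|false)$")

# Triage labels for API names that appear in this report. The mapping is the
# editor's own assumption, not a Joe Sandbox signature.
CAPABILITY_HINTS = {
    "IcmpSendEcho": "ICMP echo (ping)",
    "gethostbyname": "hostname resolution",
    "CoCreateInstance": "COM object instantiation",
    "GetAsyncKeyState": "keystroke state polling",
    "GetCursorPos": "cursor position query",
}

# Constructed sample: two function blocks copied from this report, indentation trimmed.
SAMPLE = """\
APIs
• CoInitialize.OLE32 ref: 002A3774
• CoCreateInstance.OLE32(?,00000000,00000017,002BFB78,?), ref: 002A37D9
• IIDFromString.OLE32(?,?), ref: 002A384C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
Similarity
• API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
• String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
• API String ID: 636576611-1287834457
APIs
  • Part of subcall function 0023912D: GetCursorPos.USER32(?), ref: 00239141
  • Part of subcall function 0023912D: GetAsyncKeyState.USER32(00000001), ref: 00239183
• ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 002B8B6B
• ReleaseCapture.USER32 ref: 002B8B77
Similarity
• API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
• String ID: @GUI_DRAGFILE$@GUI_DROPID$p#/
"""

@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    ref: str                    # call-site address
    via_subcall: Optional[str]  # callee address when the report attributes the call to a subcall

@dataclass
class FunctionBlock:
    apis: list = field(default_factory=list)
    strings: list = field(default_factory=list)
    source_file: Optional[str] = None
    source_offset: Optional[str] = None
    based_on_pe: Optional[bool] = None
    associated: list = field(default_factory=list)
    similarity: dict = field(default_factory=dict)

    def tokens(self, key):
        """Split a '$'-joined Similarity value ('API ID', 'String ID'); the report has no escaping,
        so a string that itself contains '$' is split as well."""
        return [t for t in self.similarity.get(key, "").split("$") if t]

def parse_blocks(text):
    """Split the export into FunctionBlocks; each block opens with an 'APIs' header."""
    blocks, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()  # tolerate the export's deep indentation
        if line in SECTION_HEADERS:
            section = line
            if line == "APIs":
                current = FunctionBlock()
                blocks.append(current)
            continue
        if current is None or not line.startswith("•"):
            continue
        item = line.lstrip("•").strip()
        key, _, value = item.partition(": ")
        value = value.removesuffix("Download File").strip()  # link text left by the HTML export
        if section == "APIs":
            m = API_LINE.match(item)
            if m:
                args = [a for a in (m["args"] or "").split(",") if a]
                current.apis.append(ApiCall(m["name"], m["module"], args, m["ref"].upper(), m["sub"]))
        elif section == "Strings":
            current.strings.append(item)
        elif section == "Memory Dump Source" and key == "Source File" and (s := SOURCE_LINE.match(value)):
            current.source_file, current.source_offset = s["file"], s["off"]
            current.based_on_pe = s["pe"] == "true"
        elif section == "Memory Dump Source" and key == "Associated":
            current.associated.append(value)
        elif section == "Similarity":
            current.similarity[key] = value
    return blocks

def tag_capabilities(block):
    """Labels for the notable APIs a function uses, marking whether the report saw the
    call in the function body ('direct') or only inside a subcall."""
    tags = set()
    for call in block.apis:
        label = CAPABILITY_HINTS.get(call.name)
        if label:
            origin = f"via subcall {call.via_subcall}" if call.via_subcall else "direct"
            tags.add(f"{label} ({origin})")
    return sorted(tags)
```

Feed the whole report text to `parse_blocks` and group the results by the `Opcode ID` or `Instruction Fuzzy Hash` value in `similarity` to match functions against other samples; the subcall flag matters because a label such as keystroke state polling attributed only to a subcall says something about the callee (here 0023912D), not necessarily about the function in which it is listed.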
APIs
  • Part of subcall function 00239BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00239BB2
  • Part of subcall function 0023912D: GetCursorPos.USER32(?), ref: 00239141
  • Part of subcall function 0023912D: ScreenToClient.USER32(00000000,?), ref: 0023915E
  • Part of subcall function 0023912D: GetAsyncKeyState.USER32(00000001), ref: 00239183
  • Part of subcall function 0023912D: GetAsyncKeyState.USER32(00000002), ref: 0023919D
• ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 002B8B6B
• ImageList_EndDrag.COMCTL32 ref: 002B8B71
• ReleaseCapture.USER32 ref: 002B8B77
• SetWindowTextW.USER32(?,00000000), ref: 002B8C12
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 002B8C25
• DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 002B8CFF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
• String ID: @GUI_DRAGFILE$@GUI_DROPID$p#/
• API String ID: 1924731296-3612742004
• Opcode ID: 3526746ace176bc4198365df2d89fc15905c2b6a10e5c3daddffd75ed5a8ac01
• Instruction ID: 1624bac9635f11297344d03e0156f4157ec57e7b8b4b59f99fda5fbee2c18a7c
• Opcode Fuzzy Hash: 3526746ace176bc4198365df2d89fc15905c2b6a10e5c3daddffd75ed5a8ac01
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B519D71114304AFD704DF10EC59FAA77E4FB88790F50062EF996A72A1CB71A964CFA2
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 002933CF
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
                                                                                                                                                                                                                                                                                                                                                              • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 002933F0
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                                                                                                              • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4099089115-3080491070
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: dc0eb3e9cb5a498eb438d0c9afa70ab9788f2841f70f49b86df23a0473b82299
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 5c0d162a3c1e6b492a9bc652df8148fe2bd15d9b63c74a4e60b77321f328136e
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dc0eb3e9cb5a498eb438d0c9afa70ab9788f2841f70f49b86df23a0473b82299
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4D517C7292021ABADF15EBE0ED46EEEB778AF18340F544065B40572091EB256FB8CF61
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                              • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1256254125-769500911
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 8a898b4664ee1d939ffb6a5cfe8e4f2bd550b3f46683d953ec86a542b6614bb8
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 94f6ca1620840becad43c7b4c23c153487e1c6c04f0e9494a9237587ed41bfe5
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8a898b4664ee1d939ffb6a5cfe8e4f2bd550b3f46683d953ec86a542b6614bb8
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FF41C736A221379BCB217F7D88905BEB7A9AF60B54B24412DE421D72C4F731CDA1C790
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000001), ref: 002953A0
                                                                                                                                                                                                                                                                                                                                                              • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00295416
                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00295420
                                                                                                                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000000,READY), ref: 002954A7
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                                                                                                                                                                                                              • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4194297153-14809454
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: f07371061588d9e66fb45b25a0aa302fb0bc7c430ce45876c76609669debcc09
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2a8ba46f865d3444e16bc5793c593893719609c38a5f7afd606d684141822a2b
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f07371061588d9e66fb45b25a0aa302fb0bc7c430ce45876c76609669debcc09
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4F31F435B202159FCB52DF68D888EAABBF4FF45305F548065E405DB292D770DDA2CB90
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • CreateMenu.USER32 ref: 002B3C79
• SetMenu.USER32(?,00000000), ref: 002B3C88
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 002B3D10
• IsMenu.USER32(?), ref: 002B3D24
• CreatePopupMenu.USER32 ref: 002B3D2E
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 002B3D5B
• DrawMenuBar.USER32 ref: 002B3D63
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup
• String ID: 0$F
• API String ID: 161812096-3044882817
• Opcode ID: f826b0787f4f0a385eb126d672ef5a48b0b5d721a3b270d3302637553a490f88
• Instruction ID: 5f374114b9e69cf29b03192166bc358cf8613ac3b5bf3b1d44a39b854b6294d9
• Opcode Fuzzy Hash: f826b0787f4f0a385eb126d672ef5a48b0b5d721a3b270d3302637553a490f88
• Instruction Fuzzy Hash: 6E416075611206EFDB24CF54E848EEA7BB5FF49390F140129F946A7360D770AA20CF94
APIs
  • Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
  • Part of subcall function 00283CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00283CCA
• SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00281F64
• GetDlgCtrlID.USER32 ref: 00281F6F
• GetParent.USER32 ref: 00281F8B
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00281F8E
• GetDlgCtrlID.USER32(?), ref: 00281F97
• GetParent.USER32(?), ref: 00281FAB
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00281FAE
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
• Opcode ID: 9ffd303e32015c77cb29074a7e6da2e7ea142d42e31278a5dd6c7cf52bc8d8a0
• Instruction ID: 3e3c0491700d8d9887a0822f5b8b88e8b1c4eaab7fc2a2ec8687b6ad19432f95
• Opcode Fuzzy Hash: 9ffd303e32015c77cb29074a7e6da2e7ea142d42e31278a5dd6c7cf52bc8d8a0
• Instruction Fuzzy Hash: E121B074910214BBCF08AFA0DC85DEEBBB8AF59310F100216FA61672D1DB745925DF60
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 002B3A9D
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 002B3AA0
• GetWindowLongW.USER32(?,000000F0), ref: 002B3AC7
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 002B3AEA
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 002B3B62
• SendMessageW.USER32(?,00001074,00000000,00000007), ref: 002B3BAC
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 002B3BC7
• SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 002B3BE2
• SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 002B3BF6
• SendMessageW.USER32(?,00001008,00000000,00000007), ref: 002B3C13
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: fabeaea7b18389d2a205e81780fc89a3cbcdb48398f5dd5f864f4756ec9d475d
• Instruction ID: be496239b8cede1ea0e8271302fbe38b58c4f256836546f5a90c1e84afd70da5
• Opcode Fuzzy Hash: fabeaea7b18389d2a205e81780fc89a3cbcdb48398f5dd5f864f4756ec9d475d
• Instruction Fuzzy Hash: FB619C75910248AFDB10DFA8CC85EEE77B8EB09354F1001AAFA15E7291C770AEA5DF50
APIs
• _free.LIBCMT ref: 00252C94
  • Part of subcall function 002529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0025D7D1,00000000,00000000,00000000,00000000,?,0025D7F8,00000000,00000007,00000000,?,0025DBF5,00000000), ref: 002529DE
  • Part of subcall function 002529C8: GetLastError.KERNEL32(00000000,?,0025D7D1,00000000,00000000,00000000,00000000,?,0025D7F8,00000000,00000007,00000000,?,0025DBF5,00000000,00000000), ref: 002529F0
• _free.LIBCMT ref: 00252CA0
• _free.LIBCMT ref: 00252CAB
• _free.LIBCMT ref: 00252CB6
• _free.LIBCMT ref: 00252CC1
                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00252CCC
                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00252CD7
                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00252CE2
                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00252CED
                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00252CFB
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: efcdad96f4c1df2851423b6331c09cfaf470afedc8d2272000100f733a4e2029
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b69f0f88116cd474bef8390dd28121a76ecfd2eced23aef5d574bdf114f74d29
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: efcdad96f4c1df2851423b6331c09cfaf470afedc8d2272000100f733a4e2029
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1A11F636120008EFCB02EF54D842CDC3BA5FF06341F6150A0FD486B362D631EA689F94
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00297FAD
                                                                                                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00297FC1
                                                                                                                                                                                                                                                                                                                                                              • GetFileAttributesW.KERNEL32(?), ref: 00297FEB
                                                                                                                                                                                                                                                                                                                                                              • SetFileAttributesW.KERNEL32(?,00000000), ref: 00298005
                                                                                                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00298017
                                                                                                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00298060
                                                                                                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 002980B0
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                                                                                                                                                              • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 769691225-438819550
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 1261387f0c8e65d8fe5a20a4f1e8c4778cc11755eaef5e5497f1e45ab9e407dd
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 5d19c738380e75a5c36151235f7b2b2408a37d3625a23376f7c273994a0ddebe
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1261387f0c8e65d8fe5a20a4f1e8c4778cc11755eaef5e5497f1e45ab9e407dd
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8B81A1715382429BCF24EF54C844AAEB3E8BF89310F58486EF8C5D7250EB74DD658B52
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000EB), ref: 00225C7A
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00225D0A: GetClientRect.USER32(?,?), ref: 00225D30
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00225D0A: GetWindowRect.USER32(?,?), ref: 00225D71
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00225D0A: ScreenToClient.USER32(?,?), ref: 00225D99
                                                                                                                                                                                                                                                                                                                                                              • GetDC.USER32 ref: 002646F5
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00264708
                                                                                                                                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00264716
                                                                                                                                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 0026472B
                                                                                                                                                                                                                                                                                                                                                              • ReleaseDC.USER32(?,00000000), ref: 00264733
                                                                                                                                                                                                                                                                                                                                                              • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 002647C4
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                                                                                                                              • String ID: U
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4009187628-3372436214
APIs
• LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 002935E4
  • Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
• LoadStringW.USER32(002F2390,?,00000FFF,?), ref: 0029360A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-2391861430
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0029C272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0029C29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0029C2CA
• GetLastError.KERNEL32 ref: 0029C322
• SetEvent.KERNEL32(?), ref: 0029C336
• InternetCloseHandle.WININET(00000000), ref: 0029C341
Strings
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00263AAF,?,?,Bad directive syntax error,002BCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 002898BC
• LoadStringW.USER32(00000000,?,00263AAF,?), ref: 002898C3
  • Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00289987
Strings
Similarity
• API ID: HandleLoadMessageModuleString_wcslen
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 858772685-4153970271
APIs
• GetParent.USER32 ref: 002820AB
• GetClassNameW.USER32(00000000,?,00000100), ref: 002820C0
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0028214D
Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                                                                                                                              • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 41dcd02b5248676d3d5f9a6f76df04033a6f2e668928a5a25ec8cd3e6371ad6d
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d376f341be3a0250c595848eadedf6f896c79baff0ccf379d5e8949959c8c050
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 41dcd02b5248676d3d5f9a6f76df04033a6f2e668928a5a25ec8cd3e6371ad6d
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 13110A7E6F8717F9F6057621EC0EEA6379CDB05328B30011AFB08A90D6FEA168355B14
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1282221369-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 75ff0f72a334f47e2616f1b0bf0ffb682c3ae528d50f168fc4a8c4a6aec043c2
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2a7e5f43f8d50f11b9b4f788aa5c401e8ead8debb7b1a3dc691ba8ef70620b19
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 75ff0f72a334f47e2616f1b0bf0ffb682c3ae528d50f168fc4a8c4a6aec043c2
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 45615B71924301AFDB21AFB4D885A7D7BD5EF01362F24016EFC00A7282E6319D2CCB98
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 002B5186
                                                                                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000000), ref: 002B51C7
                                                                                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000005,?,00000000), ref: 002B51CD
                                                                                                                                                                                                                                                                                                                                                              • SetFocus.USER32(?,?,00000005,?,00000000), ref: 002B51D1
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 002B6FBA: DeleteObject.GDI32(00000000), ref: 002B6FE6
                                                                                                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 002B520D
                                                                                                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 002B521A
                                                                                                                                                                                                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 002B524D
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 002B5287
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 002B5296
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3210457359-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4d4e4484c695506214e27c1a4bb2cf6c289260d64bbf38b878c3e772888afd58
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: e9e0014c051b865f00b771e4dc09a93bbb6c0d3b6092094938d94dda5c09d054
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4d4e4484c695506214e27c1a4bb2cf6c289260d64bbf38b878c3e772888afd58
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B451C630A71A29BFEF249F28DC49BD87765EB053A0F144112FA199E2E1C7B599B0DF40
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00276890
                                                                                                                                                                                                                                                                                                                                                              • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 002768A9
                                                                                                                                                                                                                                                                                                                                                              • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 002768B9
                                                                                                                                                                                                                                                                                                                                                              • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 002768D1
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 002768F2
                                                                                                                                                                                                                                                                                                                                                              • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00238874,00000000,00000000,00000000,000000FF,00000000), ref: 00276901
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0027691E
                                                                                                                                                                                                                                                                                                                                                              • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00238874,00000000,00000000,00000000,000000FF,00000000), ref: 0027692D
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1268354404-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ce0690023efc04116a0868031e6910215d95d716bf2e2c0fb7fd566d935ac98f
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 12e67e4b7a5903fd8aa3f6adc4a55797a2305cc9854af30ee2809e15d0a57c3e
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce0690023efc04116a0868031e6910215d95d716bf2e2c0fb7fd566d935ac98f
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ED518EB0620706EFDB20CF24DC59FAA77B6EB44354F204518F956DB2A0DBB0E960DB50
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0029C182
                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0029C195
                                                                                                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(?), ref: 0029C1A9
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0029C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0029C272
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0029C253: GetLastError.KERNEL32 ref: 0029C322
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0029C253: SetEvent.KERNEL32(?), ref: 0029C336
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0029C253: InternetCloseHandle.WININET(00000000), ref: 0029C341
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 337547030-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: c427a70d25552c2968a3a348d426e2abc32d0149149d5c52d326ae6c112f214a
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: faaf7dcfe90bd70206102ffb8defc692ae87010dd82e0ced8b946ebe29e76d57
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c427a70d25552c2968a3a348d426e2abc32d0149149d5c52d326ae6c112f214a
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8D317071610705AFDF219FA5EC48A66BBF9FF58300B24451EF95A86610DB31E824EF60
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00283A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00283A57
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00283A3D: GetCurrentThreadId.KERNEL32 ref: 00283A5E
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00283A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,002825B3), ref: 00283A65
                                                                                                                                                                                                                                                                                                                                                              • MapVirtualKeyW.USER32(00000025,00000000), ref: 002825BD
                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 002825DB
                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 002825DF
                                                                                                                                                                                                                                                                                                                                                              • MapVirtualKeyW.USER32(00000025,00000000), ref: 002825E9
                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00282601
                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00282605
                                                                                                                                                                                                                                                                                                                                                              • MapVirtualKeyW.USER32(00000025,00000000), ref: 0028260F
                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00282623
                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00282627
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2014098862-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a43548dd574b4ee91e8b51727721c21d4e4c5f35d1e2512a66626dcfeb85f00a
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 8b0c82fbc65a35ac067f5b5af5e30439b9a4c2ace8613832ba5a62a4fc164793
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a43548dd574b4ee91e8b51727721c21d4e4c5f35d1e2512a66626dcfeb85f00a
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EC01D4707A0220BBFB107768AC8EF593F5DDB8EB12F200112F358AE0D1C9F224548A69
                                                                                                                                                                                                                                                                                                                                                              APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00281449,?,?,00000000), ref: 0028180C
• HeapAlloc.KERNEL32(00000000,?,00281449,?,?,00000000), ref: 00281813
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00281449,?,?,00000000), ref: 00281828
• GetCurrentProcess.KERNEL32(?,00000000,?,00281449,?,?,00000000), ref: 00281830
• DuplicateHandle.KERNEL32(00000000,?,00281449,?,?,00000000), ref: 00281833
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00281449,?,?,00000000), ref: 00281843
• GetCurrentProcess.KERNEL32(00281449,00000000,?,00281449,?,?,00000000), ref: 0028184B
• DuplicateHandle.KERNEL32(00000000,?,00281449,?,?,00000000), ref: 0028184E
• CreateThread.KERNEL32(00000000,00000000,00281874,00000000,00000000,00000000), ref: 00281868
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
APIs
Strings
Similarity
• API ID: __alldvrm$_strrchr
• String ID: }}$$}}$$}}$
• API String ID: 1036877536-604903683
APIs
  • Part of subcall function 0028D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0028D501
  • Part of subcall function 0028D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0028D50F
  • Part of subcall function 0028D4DC: CloseHandle.KERNELBASE(00000000), ref: 0028D5DC
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 002AA16D
• GetLastError.KERNEL32 ref: 002AA180
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 002AA1B3
• TerminateProcess.KERNEL32(00000000,00000000), ref: 002AA268
• GetLastError.KERNEL32(00000000), ref: 002AA273
• CloseHandle.KERNEL32(00000000), ref: 002AA2C4
Strings
Similarity
• API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
• String ID: SeDebugPrivilege
• API String ID: 2533919879-2896544425
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 002B3925
• SendMessageW.USER32(00000000,00001036,00000000,?), ref: 002B393A
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 002B3954
• _wcslen.LIBCMT ref: 002B3999
• SendMessageW.USER32(?,00001057,00000000,?), ref: 002B39C6
• SendMessageW.USER32(?,00001061,?,0000000F), ref: 002B39F4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                                                                                                              • String ID: SysListView32
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 23cab45d99b7329219f4d49ecd09da591fcd71ca4272b53e7f19bc63bc97a10a
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: fdcbd9979ae9c9bcaa003cf2777022d0148fcd1d12abd6ea3cdb36a891139fd6
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 23cab45d99b7329219f4d49ecd09da591fcd71ca4272b53e7f19bc63bc97a10a
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA41B671A10219ABEF21DF64CC49FEA77A9EF48390F100526F558E7281D7B19DA0CB90
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0028BCFD
                                                                                                                                                                                                                                                                                                                                                              • IsMenu.USER32(00000000), ref: 0028BD1D
                                                                                                                                                                                                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 0028BD53
                                                                                                                                                                                                                                                                                                                                                              • GetMenuItemCount.USER32(01284B38), ref: 0028BDA4
                                                                                                                                                                                                                                                                                                                                                              • InsertMenuItemW.USER32(01284B38,?,00000001,00000030), ref: 0028BDCC
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                                                                                                              • String ID: 0$2
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 3808412f0e6c8b659f18603f4c865fff2e18641d63d313655dac7a75faefeb00
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 5dd5d43fb1398e8e400c1b3736a18341925621063e07e8e74afce7b69ae9cf25
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3808412f0e6c8b659f18603f4c865fff2e18641d63d313655dac7a75faefeb00
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A451F578612206EBDF12EFA8D888BAEBBF4BF45314F24425DE401E72D1D7709954CB61
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00242D4B
                                                                                                                                                                                                                                                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00242D53
                                                                                                                                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00242DE1
                                                                                                                                                                                                                                                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00242E0C
                                                                                                                                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00242E61
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                                                                                              • String ID: &H$$csm
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1170836740-253815091
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: bfefc82d3056362a5a5366e5c394be243d4189d6c9afe55c4c2010e69cd8f476
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9c1f09571472e94064c7f710421cc589f988588252a49e8814cd989398721cde
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bfefc82d3056362a5a5366e5c394be243d4189d6c9afe55c4c2010e69cd8f476
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 27412730E20209DBCF18DF69C884A9EBBB4BF44324F548155F815AB392D771AA29CFD0
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • LoadIconW.USER32(00000000,00007F03), ref: 0028C913
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
• Opcode ID: f2ae7d673ee8750468a4f8a0a7ee2785ed38c5a425ad5ba83cf565cf175c719c
• Instruction ID: 057d27cf7ec2e531d51b56c2c2be1b1caef1bdbf3b0eeeb3f29a007ea9fd884f
• Opcode Fuzzy Hash: f2ae7d673ee8750468a4f8a0a7ee2785ed38c5a425ad5ba83cf565cf175c719c
• Instruction Fuzzy Hash: 97115B396FA707BAA7057B10DC82DBA639CDF15364B70006BF800A62C2E7B45E205775
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 642191829-3771769585
• Opcode ID: 924da5d91c4d64863b1b67463532fda6f4778fa49dcc9ee2ef55f166140de1f3
• Instruction ID: 073081e8c7fb93f8804ab8e6230f1016c99176f191069cafda13257390d82741
• Opcode Fuzzy Hash: 924da5d91c4d64863b1b67463532fda6f4778fa49dcc9ee2ef55f166140de1f3
• Instruction Fuzzy Hash: 38115675920105AFCB24BF30EC4AEEE77ACDF11310F1002A9F145AA0D1EFB09AA59F60
APIs
  • Part of subcall function 00239BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00239BB2
• GetSystemMetrics.USER32(0000000F), ref: 002B9FC7
• GetSystemMetrics.USER32(0000000F), ref: 002B9FE7
• MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 002BA224
• SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 002BA242
• SendMessageW.USER32(00000003,00000469,?,00000000), ref: 002BA263
• ShowWindow.USER32(00000003,00000000), ref: 002BA282
• InvalidateRect.USER32(?,00000000,00000001), ref: 002BA2A7
• DefDlgProcW.USER32(?,00000005,?,?), ref: 002BA2CA
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
• String ID:
• API String ID: 1211466189-0
• Opcode ID: b00f049b5db9df5b6978071b82acb3444eaf4f1a030a8fb0fbe5c201706f7f71
• Instruction ID: 154eefddcffeea197319c235f4a44d7b686030ec2a847739066a6779ff23e8b2
• Opcode Fuzzy Hash: b00f049b5db9df5b6978071b82acb3444eaf4f1a030a8fb0fbe5c201706f7f71
• Instruction Fuzzy Hash: 30B1DC31610216DFDF14CF68C9897EE7BB2FF44781F088069EC89AB295D731A960CB51
APIs
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: _wcslen$LocalTime
• String ID:
• API String ID: 952045576-0
• Opcode ID: 9376653d6998d4b9e10c545522284a5dd982ad0bf668b487894bade9b43fc757
• Instruction ID: 8711d8c9a8f63ee08abc52b5bf819b9b6eb9467c46a2e82ba428de0af683af61
• Opcode Fuzzy Hash: 9376653d6998d4b9e10c545522284a5dd982ad0bf668b487894bade9b43fc757
• Instruction Fuzzy Hash: F241B365C2121875CB15FBF4888AACFB7ACAF45710F508462E914F3162FB34E265C7A6
APIs
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0027682C,00000004,00000000,00000000), ref: 0023F953
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0027682C,00000004,00000000,00000000), ref: 0027F3D1
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0027682C,00000004,00000000,00000000), ref: 0027F454
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: ShowWindow
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 07e5e387dc3cbede0b64bafb86f306ad0216c6b4e53bf199f344aa5c9ea37637
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c91579f2ee6309fd0272eed6e6a7aa40da20e5c09b86985636d709e58eec1000
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 07e5e387dc3cbede0b64bafb86f306ad0216c6b4e53bf199f344aa5c9ea37637
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA415F71A382C1BBC7B48F2CFB8C7367B95AF46324F14853CE08B56660C671A4A0CB11
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 002B2D1B
                                                                                                                                                                                                                                                                                                                                                              • GetDC.USER32(00000000), ref: 002B2D23
                                                                                                                                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 002B2D2E
                                                                                                                                                                                                                                                                                                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 002B2D3A
                                                                                                                                                                                                                                                                                                                                                              • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 002B2D76
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 002B2D87
                                                                                                                                                                                                                                                                                                                                                              • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,002B5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 002B2DC2
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 002B2DE1
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2b160687d39c984b4e7f45b538f4760fd5b0064fec9963693e75d487129c8ceb
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a5011243f5c9cd12ee7ca4d5b01bc95fd4d2042c057a1fc8b42c285e2c708a7a
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2b160687d39c984b4e7f45b538f4760fd5b0064fec9963693e75d487129c8ceb
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B831A772211210BBEB248F14DC8AFEB3BADEF49751F044165FE08AA291C6B58C50CBA0
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 559a3c7ba6728736b2806b7fc5c8e4f3babb710de14ebae6fcdf3141a04532ba
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 934f9c33916d62d235825800142acd0b183d4ab0d14ffea43632bb4ad2b92ced
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 559a3c7ba6728736b2806b7fc5c8e4f3babb710de14ebae6fcdf3141a04532ba
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C921C575672A3A77D618BD208E82FFA775CAE21384B444021FD049A5C5F760ED7087A5
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                              • String ID: NULL Pointer assignment$Not an Object type
• API String ID: 0-572801152
• Opcode ID: a0112cb893266b0aabdb35e5834cd14a3fd0d8ce3e51289b07abfadcb24bcfd4
• Instruction ID: 714e0f1b3265b4db3d3ec3c73345aefef358f6bf61ebd3cf539800f431395930
• Opcode Fuzzy Hash: a0112cb893266b0aabdb35e5834cd14a3fd0d8ce3e51289b07abfadcb24bcfd4
• Instruction Fuzzy Hash: D7D1D371A1061AAFDF10CFA8C880BAFB7B5FF49344F148469E915AB281EB70DD55CB90
APIs
• GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,002617FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 002615CE
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,002617FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00261651
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,002617FB,?,002617FB,00000000,00000000,?,00000000,?,?,?,?), ref: 002616E4
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,002617FB,00000000,00000000,?,00000000,?,?,?,?), ref: 002616FB
  • Part of subcall function 00253820: RtlAllocateHeap.NTDLL(00000000,?,002F1444,?,0023FDF5,?,?,0022A976,00000010,002F1440,002213FC,?,002213C6,?,00221129), ref: 00253852
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,002617FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00261777
• __freea.LIBCMT ref: 002617A2
• __freea.LIBCMT ref: 002617AE
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
• String ID:
• API String ID: 2829977744-0
• Opcode ID: 2aa6a372aeb30f0ac45bbc90c66842b6c82cabc6b87c1a6be72450cfa58bae88
• Instruction ID: 2975811087b485f6c534a186ae855df8796ad8d63023b4876dbeed5f04526719
• Opcode Fuzzy Hash: 2aa6a372aeb30f0ac45bbc90c66842b6c82cabc6b87c1a6be72450cfa58bae88
• Instruction Fuzzy Hash: D491C571E302169ADB218E74CC81AEEBBB5AF49310F5C4659E802E7190D735EDB4CBA0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Variant$ClearInit
• String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
• API String ID: 2610073882-625585964
• Opcode ID: 272ba2b7ab860cd4659cd989f0de511bb60fc4a05281b3c9fd7569fb7941fdbb
• Instruction ID: 85deb4aec6904e6c24e68b836377c1d7069525d91c60f50c5f7699dcbdab1755
• Opcode Fuzzy Hash: 272ba2b7ab860cd4659cd989f0de511bb60fc4a05281b3c9fd7569fb7941fdbb
• Instruction Fuzzy Hash: 4E91B170A20215ABDF24DFA5DC44FAEBBB8EF86714F108559F505AB280DBB0D951CFA0
APIs
• SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0029125C
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00291284
• SafeArrayUnaccessData.OLEAUT32(00000001), ref: 002912A8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 002912D8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0029135F
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 002913C4
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00291430
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ArraySafe$Data$Access$UnaccessVartype
• String ID:
• API String ID: 2550207440-0
• Opcode ID: 86ebe0bdc02c0f4bf2d68011c338408c46b2588a946e14a0f393e254a80be353
• Instruction ID: 432eafef56fd25e6ca817212cd179cbcc71160791efc4eb48bdfcaaf6d4556b1
• Opcode Fuzzy Hash: 86ebe0bdc02c0f4bf2d68011c338408c46b2588a946e14a0f393e254a80be353
• Instruction Fuzzy Hash: CB91C075E2021AAFEF009F95D884BBE77B5FF49314F104029E900EB291D774A961CF90
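Function entries in this format are easier to triage and to compare across reports once they are parsed into structured records. The following Python is an added example, not Joe Sandbox code: it parses the bullet layout shown on this page (API call lines carrying a `ref:` call-site address, `Part of subcall function` lines, and the ID and hash fields of the Similarity block) into one record per function, returns the API call order, counts call sites per API, and indexes functions by their Instruction Fuzzy Hash for exact-match deduplication. The embedded SAMPLE is constructed from the entries above with the argument lists abridged; the regexes, record fields and the assumption that an entry ends at its Instruction Fuzzy Hash line are the example's own.

```python
"""Parse Joe Sandbox function entries (APIs + Similarity blocks) into records.

Added example; not part of Joe Sandbox. SAMPLE is constructed from the entries
shown on this page, with argument lists abridged.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

SAMPLE = """\
APIs
• GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,002617FB), ref: 002615CE
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000), ref: 00261651
  • Part of subcall function 00253820: RtlAllocateHeap.NTDLL(00000000,?,002F1444), ref: 00253852
• __freea.LIBCMT ref: 002617A2
Similarity
• API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
• String ID:
• Opcode ID: 2aa6a372aeb30f0ac45bbc90c66842b6c82cabc6b87c1a6be72450cfa58bae88
• Instruction Fuzzy Hash: D491C571E302169ADB218E74CC81AEEBBB5AF49310F5C4659E802E7190D735EDB4CBA0
APIs
• SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0029125C
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00291284
• SafeArrayUnaccessData.OLEAUT32(00000001), ref: 002912A8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 002912D8
Similarity
• API ID: ArraySafe$Data$Access$UnaccessVartype
• Instruction Fuzzy Hash: CB91C075E2021AAFEF009F95D884BBE77B5FF49314F104029E900EB291D774A961CF90
"""


@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    ref: int                       # call-site address from the "ref:" field
    subcall: Optional[int] = None  # callee address when listed as "Part of subcall function"


@dataclass
class FunctionEntry:
    apis: list = field(default_factory=list)
    ids: dict = field(default_factory=dict)  # Similarity fields, keyed as printed

    @property
    def direct_apis(self):
        return [c for c in self.apis if c.subcall is None]


# "• Name.MODULE(args), ref: ADDR" or "• Name.MODULE ref: ADDR", optionally
# prefixed with "Part of subcall function ADDR:"
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_][\w@$]*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
ID_RE = re.compile(
    r"^\s*•\s*(?P<key>API String ID|API ID|String ID|Opcode ID|Instruction ID"
    r"|Opcode Fuzzy Hash|Instruction Fuzzy Hash):\s*(?P<val>.*?)\s*$"
)


def parse_entries(text):
    """Split report text into FunctionEntry records (assumes an entry ends at
    its Instruction Fuzzy Hash line, the last Similarity field printed)."""
    entries, cur = [], None
    for line in text.splitlines():
        m = API_RE.match(line)
        if m:
            cur = cur or FunctionEntry()
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            cur.apis.append(ApiCall(m["name"], m["mod"], args, int(m["ref"], 16),
                                    int(m["sub"], 16) if m["sub"] else None))
            continue
        m = ID_RE.match(line)
        if m:
            cur = cur or FunctionEntry()
            cur.ids[m["key"]] = m["val"]
            if m["key"] == "Instruction Fuzzy Hash":
                entries.append(cur)
                cur = None
    if cur is not None:
        entries.append(cur)
    return entries


def api_sequence(entry, include_subcalls=False):
    """API names in listing order (the report lists them by call-site address)."""
    calls = entry.apis if include_subcalls else entry.direct_apis
    return [c.name for c in calls]


def call_site_counts(entry):
    """How many call sites each API has inside the function itself."""
    return Counter(c.name for c in entry.direct_apis)


def index_by_fuzzy_hash(entries):
    """Group entries by Instruction Fuzzy Hash; equal hashes are candidates for
    the same library routine seen in another sample."""
    idx = {}
    for e in entries:
        h = e.ids.get("Instruction Fuzzy Hash")
        if h:
            idx.setdefault(h, []).append(e)
    return idx


if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        print(e.ids.get("API ID", "?"), "->", api_sequence(e, include_subcalls=True))
```

The Instruction Fuzzy Hash is Joe Sandbox's own format, so the example only compares it for exact equality rather than computing a similarity score. Several call sites for one API in a listing, such as the repeated SafeArrayAccessData above, reflect branches or loops in the disassembly and do not by themselves show an unbalanced access.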
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: 390240421765af8626ff863ce63226e093338d5c958481b9188df5962c013155
• Instruction ID: 3257b62ed5643cec0ceb38b55097c532270192776fd00e492da4ff7f573710d5
• Opcode Fuzzy Hash: 390240421765af8626ff863ce63226e093338d5c958481b9188df5962c013155
• Instruction Fuzzy Hash: 5D9117B1D1021AAFCB10CFA9C884AEEBBB8FF4A320F148555E515B7251D3B4A991CF60
APIs
• VariantInit.OLEAUT32(?), ref: 002A396B
• CharUpperBuffW.USER32(?,?), ref: 002A3A7A
• _wcslen.LIBCMT ref: 002A3A8A
• VariantClear.OLEAUT32(?), ref: 002A3C1F
  • Part of subcall function 00290CDF: VariantInit.OLEAUT32(00000000), ref: 00290D1F
  • Part of subcall function 00290CDF: VariantCopy.OLEAUT32(?,?), ref: 00290D28
  • Part of subcall function 00290CDF: VariantClear.OLEAUT32(?), ref: 00290D34
Strings
Similarity
• API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
• String ID: AUTOIT.ERROR$Incorrect Parameter format
• API String ID: 4137639002-1221869570
• Opcode ID: 296cda837ac30788542f21a3169a674d04be2f1949e6a630c894532028a9fffb
• Instruction ID: 3248d63af5bb8fa5a03e96117f7f4184c0387d08a398c7fd0e1ee147770827f4
• Opcode Fuzzy Hash: 296cda837ac30788542f21a3169a674d04be2f1949e6a630c894532028a9fffb
• Instruction Fuzzy Hash: 8B9156746283059FC700EF64C48096AB7E5BF8A714F14886EF88A9B351DB30EE55CF92
APIs
  • Part of subcall function 0028000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0027FF41,80070057,?,?,?,0028035E), ref: 0028002B
  • Part of subcall function 0028000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0027FF41,80070057,?,?), ref: 00280046
  • Part of subcall function 0028000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0027FF41,80070057,?,?), ref: 00280054
  • Part of subcall function 0028000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0027FF41,80070057,?), ref: 00280064
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 002A4C51
• _wcslen.LIBCMT ref: 002A4D59
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 002A4DCF
• CoTaskMemFree.OLE32(?), ref: 002A4DDA
Strings
Similarity
• API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
• String ID: NULL Pointer assignment
• API String ID: 614568839-2785691316
• Opcode ID: d45e6b5019594f1bafc1adb1e6101afc750b4c9bdfeb332c92bf7a3e5f45536f
• Instruction ID: 77b957ad671a2b45b3c7ea78e482ca7946bb7ea642650b32f02f0f4f90d282ab
• Opcode Fuzzy Hash: d45e6b5019594f1bafc1adb1e6101afc750b4c9bdfeb332c92bf7a3e5f45536f
• Instruction Fuzzy Hash: 88914A71D1022DEFDF14EFA4D880AEEB7B9BF49310F10416AE915A7251EB709A64CF60
APIs
• GetMenu.USER32(?), ref: 002B2183
• GetMenuItemCount.USER32(00000000), ref: 002B21B5
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 002B21DD
• _wcslen.LIBCMT ref: 002B2213
• GetMenuItemID.USER32(?,?), ref: 002B224D
• GetSubMenu.USER32(?,?), ref: 002B225B
  • Part of subcall function 00283A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00283A57
  • Part of subcall function 00283A3D: GetCurrentThreadId.KERNEL32 ref: 00283A5E
  • Part of subcall function 00283A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,002825B3), ref: 00283A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 002B22E3
  • Part of subcall function 0028E97B: Sleep.KERNEL32 ref: 0028E9F3
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4196846111-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: c9178f0918d013c42dd7212ab655c9611319a27cbf4cc19394ddeb87337b1213
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: bc7966819ad71616307cd02c7abb2bf8be6f94f19b9c978efac3073c6e71e281
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c9178f0918d013c42dd7212ab655c9611319a27cbf4cc19394ddeb87337b1213
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6871AC75A20215EFCB10EFA8C845AAEB7F5EF48350F108459E816EB351DB34AE118F90
APIs
• IsWindow.USER32(01284C78), ref: 002B7F37
• IsWindowEnabled.USER32(01284C78), ref: 002B7F43
• SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 002B801E
• SendMessageW.USER32(01284C78,000000B0,?,?), ref: 002B8051
• IsDlgButtonChecked.USER32(?,?), ref: 002B8089
• GetWindowLongW.USER32(01284C78,000000EC), ref: 002B80AB
• SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 002B80C3
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: MessageSendWindow$ButtonCheckedEnabledLong
• String ID:
• API String ID: 4072528602-0
• Opcode ID: d7da40f9c279153508350db807a27df0bb350917ba79cf8da8cee86c08cf7d78
• Instruction ID: 1a71dfb3c90ca4a625121350dcf4d492482f9302ac44f37e43780beb2abca2ac
• Opcode Fuzzy Hash: d7da40f9c279153508350db807a27df0bb350917ba79cf8da8cee86c08cf7d78
• Instruction Fuzzy Hash: 4D71C134629206AFEB249F54CC84FFABBB9EF89380F140459F949576A1CB31A865CB14
APIs
• GetParent.USER32(?), ref: 0028AEF9
• GetKeyboardState.USER32(?), ref: 0028AF0E
• SetKeyboardState.USER32(?), ref: 0028AF6F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 0028AF9D
• PostMessageW.USER32(?,00000101,00000011,?), ref: 0028AFBC
• PostMessageW.USER32(?,00000101,00000012,?), ref: 0028AFFD
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 0028B020
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: 867b3f5501c589974c2f0d650e81cce341a5932072f7b3f0edf53d5941685d98
• Instruction ID: d20831565f69be4fbf942768a8666d561d51d2fb06bb92e2bc5a5e0feea8777f
• Opcode Fuzzy Hash: 867b3f5501c589974c2f0d650e81cce341a5932072f7b3f0edf53d5941685d98
• Instruction Fuzzy Hash: BC5134A4A253D23DFB3766348C45BBABEE95B06304F08848EE2D8458C3C7D9ACE4D751
APIs
• GetParent.USER32(00000000), ref: 0028AD19
• GetKeyboardState.USER32(?), ref: 0028AD2E
• SetKeyboardState.USER32(?), ref: 0028AD8F
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0028ADBB
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0028ADD8
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0028AE17
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0028AE38
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ff9d35e1a993b12d8e524cf5c465930554597155fb786f958014c37f287c7acd
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2ac05b14620e7c56144a89abfb96461ab574c80ba441863d8eec5da80eb13688
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ff9d35e1a993b12d8e524cf5c465930554597155fb786f958014c37f287c7acd
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C9513AA49267D23DFB3767348C45B7ABE986B45301F08888AE1D5868C3CB94ECA4D752
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetConsoleCP.KERNEL32(00263CD6,?,?,?,?,?,?,?,?,00255BA3,?,?,00263CD6,?,?), ref: 00255470
                                                                                                                                                                                                                                                                                                                                                              • __fassign.LIBCMT ref: 002554EB
                                                                                                                                                                                                                                                                                                                                                              • __fassign.LIBCMT ref: 00255506
                                                                                                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00263CD6,00000005,00000000,00000000), ref: 0025552C
                                                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,00263CD6,00000000,00255BA3,00000000,?,?,?,?,?,?,?,?,?,00255BA3,?), ref: 0025554B
                                                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000001,00255BA3,00000000,?,?,?,?,?,?,?,?,?,00255BA3,?), ref: 00255584
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 57ec039ba53e123fbf953f52a14693e2f67a45d672b8cf4baa20819c1dc79caa
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 4a28c64fa8f32435108cf69906cf5775be677df5ff458a001315af49c3bbd247
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 57ec039ba53e123fbf953f52a14693e2f67a45d672b8cf4baa20819c1dc79caa
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B25105B0A106099FCB10CFA8D895BEEBBF9EF08301F14412AF955E7291E7309A55CB64
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 002A304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 002A307A
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 002A304E: _wcslen.LIBCMT ref: 002A309B
                                                                                                                                                                                                                                                                                                                                                              • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 002A1112
                                                                                                                                                                                                                                                                                                                                                              • WSAGetLastError.WSOCK32 ref: 002A1121
                                                                                                                                                                                                                                                                                                                                                              • WSAGetLastError.WSOCK32 ref: 002A11C9
                                                                                                                                                                                                                                                                                                                                                              • closesocket.WSOCK32(00000000), ref: 002A11F9
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2675159561-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7e54809d13681908b28edcd1d0a8cb1e0c44775c530dcff8178948bb34cd152f
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c900910dc9b2cee2a79abd7586dcc39b503dc8293b3465132435575a16c8140e
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7e54809d13681908b28edcd1d0a8cb1e0c44775c530dcff8178948bb34cd152f
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 99412531210215AFDB109F54D888BA9B7E9EF46324F248159FD099F291CB70ED61CFE0
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0028DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0028CF22,?), ref: 0028DDFD
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0028DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0028CF22,?), ref: 0028DE16
                                                                                                                                                                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(?,?), ref: 0028CF45
                                                                                                                                                                                                                                                                                                                                                              • MoveFileW.KERNEL32(?,?), ref: 0028CF7F
                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0028D005
                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0028D01B
                                                                                                                                                                                                                                                                                                                                                              • SHFileOperationW.SHELL32(?), ref: 0028D061
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
• String ID: \*.*
• API String ID: 3164238972-1173974218
• Opcode ID: fb8d024ac39ede49b07d1de0c43d2d91c9f44851c8b31e5ab77f52a98c9a57cd
• Instruction ID: 0094ebf7b2760913cad84ca14f446a5d83b07bcf087188fc27bb67027dd9d60d
• Opcode Fuzzy Hash: fb8d024ac39ede49b07d1de0c43d2d91c9f44851c8b31e5ab77f52a98c9a57cd
• Instruction Fuzzy Hash: 904178758162195FDF12FFA4D981ADE77B8AF18340F1000E6E505EB182EB34A6A8CF50
APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 002B2E1C
• GetWindowLongW.USER32(?,000000F0), ref: 002B2E4F
• GetWindowLongW.USER32(?,000000F0), ref: 002B2E84
• SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 002B2EB6
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 002B2EE0
• GetWindowLongW.USER32(?,000000F0), ref: 002B2EF1
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 002B2F0B
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: LongWindow$MessageSend
• String ID:
• API String ID: 2178440468-0
• Opcode ID: 457dc366bee0c5b3e3926619f8678d56ad19c4df3d1d0c762ff425ac5ed3a995
• Instruction ID: 718f4cfdcf488239f83eff0b92e6322d585b309de0dd16a52587ef3dbd38b678
• Opcode Fuzzy Hash: 457dc366bee0c5b3e3926619f8678d56ad19c4df3d1d0c762ff425ac5ed3a995
• Instruction Fuzzy Hash: 20311430614251DFDB218F19EC88FA537E4EB9A7A0F140164FA009B2B2CBB1F864DB51
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00287769
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0028778F
• SysAllocString.OLEAUT32(00000000), ref: 00287792
• SysAllocString.OLEAUT32(?), ref: 002877B0
• SysFreeString.OLEAUT32(?), ref: 002877B9
• StringFromGUID2.OLE32(?,?,00000028), ref: 002877DE
• SysAllocString.OLEAUT32(?), ref: 002877EC
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: 8c99a36e524a5f26a1e7404919bf8121b3a8b10c321dc4bb088e7e6a2b16dbf6
• Instruction ID: fd9f9f49ff646cb65b68d56bd0d0ef74f6e2e5f2d0b23d1677441a36fe8c4ce7
• Opcode Fuzzy Hash: 8c99a36e524a5f26a1e7404919bf8121b3a8b10c321dc4bb088e7e6a2b16dbf6
• Instruction Fuzzy Hash: D121C77A615219AFDF10EFA8DC88CBBB3ACEB097647248135F904DB190D670DD41C760
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00287842
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00287868
• SysAllocString.OLEAUT32(00000000), ref: 0028786B
• SysAllocString.OLEAUT32 ref: 0028788C
• SysFreeString.OLEAUT32 ref: 00287895
• StringFromGUID2.OLE32(?,?,00000028), ref: 002878AF
• SysAllocString.OLEAUT32(?), ref: 002878BD
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: f13ab1f71f8be712084c0c0b7ccbc0fcc5d004c82cd41c7dc7c65ad7c988e803
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 40f145b9584a7b6dfa5c9da8d506abebdfe308128d4ee7a6a22f1767de1c23e1
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f13ab1f71f8be712084c0c0b7ccbc0fcc5d004c82cd41c7dc7c65ad7c988e803
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9721A135619205AFEB10AFA8DC8CDAA77ECEB08360B208125F915CB2A1DA70DC51DB74
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetStdHandle.KERNEL32(0000000C), ref: 002904F2
                                                                                                                                                                                                                                                                                                                                                              • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0029052E
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                              • String ID: nul
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: b4fa5b76616887ac5816d9583d53e07e4a4b03ff7071cf7f4c46cb74ce4f5b6c
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 4c18a540dc702c9d48e6339a844cf99ae0b30e7a100194c24bf93014850fbecf
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b4fa5b76616887ac5816d9583d53e07e4a4b03ff7071cf7f4c46cb74ce4f5b6c
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AF21627591030A9FDF209F29DC88A5A77B4BF44764FA14A29F8A1D62E0D7709960CF20
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetStdHandle.KERNEL32(000000F6), ref: 002905C6
                                                                                                                                                                                                                                                                                                                                                              • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00290601
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                              • String ID: nul
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 57a2c838d1a11a1356683841a93c97f0bb8c147610b53ce8337f6a104f8e9f6e
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: e684483e6f069f19aa8c20234c2e27c6dbff54032a65578382c21ccd001cac9e
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 57a2c838d1a11a1356683841a93c97f0bb8c147610b53ce8337f6a104f8e9f6e
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3021337551030A9FDF209F699C84A5A77ECBF95724F200B19F8A1E72D0D7B09970CB60
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0022600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0022604C
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0022600E: GetStockObject.GDI32(00000011), ref: 00226060
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0022600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0022606A
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 002B4112
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 002B411F
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 002B412A
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 002B4139
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 002B4145
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                                                                                                              • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5701b8e2fcff6db3cca7a9d3a0ee1d3f8194590811487112a392e49e5f15c8a3
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d136f883c82c03251f4de3d2203b8393d90cb160e84472992178c6af71dd21c4
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5701b8e2fcff6db3cca7a9d3a0ee1d3f8194590811487112a392e49e5f15c8a3
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DB11B2B216021ABEEF119F64CC85EE77F5DEF08798F004111BB18A2051C6729C21DBA4
APIs
  • Part of subcall function 0025D7A3: _free.LIBCMT ref: 0025D7CC
• _free.LIBCMT ref: 0025D82D
  • Part of subcall function 002529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0025D7D1,00000000,00000000,00000000,00000000,?,0025D7F8,00000000,00000007,00000000,?,0025DBF5,00000000), ref: 002529DE
  • Part of subcall function 002529C8: GetLastError.KERNEL32(00000000,?,0025D7D1,00000000,00000000,00000000,00000000,?,0025D7F8,00000000,00000007,00000000,?,0025DBF5,00000000,00000000), ref: 002529F0
• _free.LIBCMT ref: 0025D838
• _free.LIBCMT ref: 0025D843
• _free.LIBCMT ref: 0025D897
• _free.LIBCMT ref: 0025D8A2
• _free.LIBCMT ref: 0025D8AD
• _free.LIBCMT ref: 0025D8B8
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0028DA74
• LoadStringW.USER32(00000000), ref: 0028DA7B
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0028DA91
• LoadStringW.USER32(00000000), ref: 0028DA98
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 0028DADC
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 0028DAB9
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
APIs
• InterlockedExchange.KERNEL32(0127E3D0,0127E3D0), ref: 0029097B
• EnterCriticalSection.KERNEL32(0127E3B0,00000000), ref: 0029098D
• TerminateThread.KERNEL32(?,000001F6), ref: 0029099B
• WaitForSingleObject.KERNEL32(?,000003E8), ref: 002909A9
• CloseHandle.KERNEL32(?), ref: 002909B8
• InterlockedExchange.KERNEL32(0127E3D0,000001F6), ref: 002909C8
• LeaveCriticalSection.KERNEL32(0127E3B0), ref: 002909CF
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
• String ID:
• API String ID: 3495660284-0
APIs
• __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 002A1DC0
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 002A1DE1
• WSAGetLastError.WSOCK32 ref: 002A1DF2
• htons.WSOCK32(?,?,?,?,?), ref: 002A1EDB
• inet_ntoa.WSOCK32(?), ref: 002A1E8C
  • Part of subcall function 002839E8: _strlen.LIBCMT ref: 002839F2
  • Part of subcall function 002A3224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0029EC0C), ref: 002A3240
• _strlen.LIBCMT ref: 002A1F35
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
• String ID:
• API String ID: 3203458085-0
APIs
• GetClientRect.USER32(?,?), ref: 00225D30
• GetWindowRect.USER32(?,?), ref: 00225D71
• ScreenToClient.USER32(?,?), ref: 00225D99
• GetClientRect.USER32(?,?), ref: 00225ED7
• GetWindowRect.USER32(?,?), ref: 00225EF8
Similarity
• API ID: Rect$Client$Window$Screen
• String ID:
• API String ID: 1296646539-0
APIs
• __allrem.LIBCMT ref: 002500BA
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 002500D6
• __allrem.LIBCMT ref: 002500ED
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0025010B
• __allrem.LIBCMT ref: 00250122
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00250140
Similarity
• API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
• String ID:
• API String ID: 1992179935-0
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,002482D9,002482D9,?,?,?,0025644F,00000001,00000001,8BE85006), ref: 00256258
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0025644F,00000001,00000001,8BE85006,?,?,?), ref: 002562DE
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 002563D8
• __freea.LIBCMT ref: 002563E5
  • Part of subcall function 00253820: RtlAllocateHeap.NTDLL(00000000,?,002F1444,?,0023FDF5,?,?,0022A976,00000010,002F1440,002213FC,?,002213C6,?,00221129), ref: 00253852
• __freea.LIBCMT ref: 002563EE
• __freea.LIBCMT ref: 00256413
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
APIs
  • Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
  • Part of subcall function 002AC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,002AB6AE,?,?), ref: 002AC9B5
  • Part of subcall function 002AC998: _wcslen.LIBCMT ref: 002AC9F1
  • Part of subcall function 002AC998: _wcslen.LIBCMT ref: 002ACA68
  • Part of subcall function 002AC998: _wcslen.LIBCMT ref: 002ACA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 002ABCCA
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 002ABD25
• RegCloseKey.ADVAPI32(00000000), ref: 002ABD6A
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 002ABD99
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 002ABDF3
• RegCloseKey.ADVAPI32(?), ref: 002ABDFF
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
• String ID:
• API String ID: 1120388591-0
APIs
• VariantInit.OLEAUT32(00000035), ref: 0027F7B9
• SysAllocString.OLEAUT32(00000001), ref: 0027F860
• VariantCopy.OLEAUT32(0027FA64,00000000), ref: 0027F889
• VariantClear.OLEAUT32(0027FA64), ref: 0027F8AD
• VariantCopy.OLEAUT32(0027FA64,00000000), ref: 0027F8B1
• VariantClear.OLEAUT32(?), ref: 0027F8BB
Similarity
• API ID: Variant$ClearCopy$AllocInitString
• String ID:
• API String ID: 3859894641-0
APIs
  • Part of subcall function 00227620: _wcslen.LIBCMT ref: 00227625
  • Part of subcall function 00226B57: _wcslen.LIBCMT ref: 00226B6A
• GetOpenFileNameW.COMDLG32(00000058), ref: 002994E5
• _wcslen.LIBCMT ref: 00299506
• _wcslen.LIBCMT ref: 0029952D
• GetSaveFileNameW.COMDLG32(00000058), ref: 00299585
Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                                                                                                                              • String ID: X
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 1b15e30637e62331e9a0feb6d68036c254a9d61c08163add4259fc0090e6c2c9
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 8fedefe05375ee78b772d7575aa645b6ea187e90cec8c3570f4f6181d2d76f8b
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1b15e30637e62331e9a0feb6d68036c254a9d61c08163add4259fc0090e6c2c9
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 08E1C4315283519FCB14DF68D481B6AB7E4BF84310F04896DF8899B2A2DB31DD65CF92
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00239BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00239BB2
                                                                                                                                                                                                                                                                                                                                                              • BeginPaint.USER32(?,?,?), ref: 00239241
                                                                                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 002392A5
                                                                                                                                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 002392C2
                                                                                                                                                                                                                                                                                                                                                              • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 002392D3
                                                                                                                                                                                                                                                                                                                                                              • EndPaint.USER32(?,?,?,?,?), ref: 00239321
                                                                                                                                                                                                                                                                                                                                                              • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 002771EA
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00239339: BeginPath.GDI32(00000000), ref: 00239357
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3050599898-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 090b1565247434f0cb1d6c8b46c73933e17e21ab0c2aca521832c497355fdee7
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d76a363ca0e910def3fbfdb01436a5db0057230ffdfad465ae6aeb79cf04e6af
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 090b1565247434f0cb1d6c8b46c73933e17e21ab0c2aca521832c497355fdee7
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8041D2B0114301EFD710DF24DC88FBA7BA8EF86360F100669F9A8971A1C7B198A5DF61
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(?,000001F5), ref: 0029080C
                                                                                                                                                                                                                                                                                                                                                              • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00290847
                                                                                                                                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 00290863
                                                                                                                                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 002908DC
                                                                                                                                                                                                                                                                                                                                                              • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 002908F3
                                                                                                                                                                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(?,000001F6), ref: 00290921
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3368777196-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4cd22c6bae9d538d1de96f13b61f79efc9090c3aa3e64e382bf50c3e4c712add
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 038c306e1cb3fc88798a1023446ae78c4d53ab22eda94c34df63ce8b4d7de293
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4cd22c6bae9d538d1de96f13b61f79efc9090c3aa3e64e382bf50c3e4c712add
• Instruction Fuzzy Hash: 30416A71A1020AEFEF14AF54ECC5AAA7778FF04700F1440A9ED04AE296D730DE65DBA0
APIs
• ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0027F3AB,00000000,?,?,00000000,?,0027682C,00000004,00000000,00000000), ref: 002B824C
• EnableWindow.USER32(?,00000000), ref: 002B8272
• ShowWindow.USER32(FFFFFFFF,00000000), ref: 002B82D1
• ShowWindow.USER32(?,00000004), ref: 002B82E5
• EnableWindow.USER32(?,00000001), ref: 002B830B
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 002B832F
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
• Opcode ID: 07e55c1644076427f8248bce33457f896992a6b2df8e9dbebbc29c94689fb349
• Instruction ID: 5e6ab0d095d7d733dd19f3fc714eece2dcbfaf77f5228f0b053e734547087164
• Opcode Fuzzy Hash: 07e55c1644076427f8248bce33457f896992a6b2df8e9dbebbc29c94689fb349
• Instruction Fuzzy Hash: 9E41B434601685EFDB15CF14D899BF47BE8BB4A794F1842A9E90C4F262CB71AC61CB50
APIs
• IsWindowVisible.USER32(?), ref: 00284C95
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00284CB2
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00284CEA
• _wcslen.LIBCMT ref: 00284D08
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00284D10
• _wcsstr.LIBVCRUNTIME ref: 00284D1A
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
• String ID:
• API String ID: 72514467-0
• Opcode ID: 71f70e8efd141847c557208c9a5c546e08e9a7cc9d5d198b265341ed42ff5189
• Instruction ID: 0691a0176da34c5591864c7f82100f16616a9973bc9723ffd27c65f60395684a
• Opcode Fuzzy Hash: 71f70e8efd141847c557208c9a5c546e08e9a7cc9d5d198b265341ed42ff5189
• Instruction Fuzzy Hash: C3213B76615202BBEB197F35EC09E7B7B9CDF45750F10803AF805CA1D1EAA1DC2197A0
APIs
  • Part of subcall function 00223AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00223A97,?,?,00222E7F,?,?,?,00000000), ref: 00223AC2
• _wcslen.LIBCMT ref: 0029587B
• CoInitialize.OLE32(00000000), ref: 00295995
• CoCreateInstance.OLE32(002BFCF8,00000000,00000001,002BFB68,?), ref: 002959AE
• CoUninitialize.OLE32 ref: 002959CC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
• String ID: .lnk
• API String ID: 3172280962-24824748
• Opcode ID: 859cb4438573d5c8cc7db0437e77098b4d3d7274c66a25e7993ded91fd8b75ad
• Instruction ID: 959a8b6febca7557382ba8506eb6dceff87837e28a818ffd44d95fbe5518881c
• Opcode Fuzzy Hash: 859cb4438573d5c8cc7db0437e77098b4d3d7274c66a25e7993ded91fd8b75ad
• Instruction Fuzzy Hash: A6D17271628621AFDB05DF24C490A2ABBE1FF89314F14885DF8899B361DB31EC55CF92
APIs
  • Part of subcall function 00280FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00280FCA
  • Part of subcall function 00280FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00280FD6
  • Part of subcall function 00280FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00280FE5
  • Part of subcall function 00280FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00280FEC
  • Part of subcall function 00280FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00281002
• GetLengthSid.ADVAPI32(?,00000000,00281335), ref: 002817AE
• GetProcessHeap.KERNEL32(00000008,00000000), ref: 002817BA
• HeapAlloc.KERNEL32(00000000), ref: 002817C1
• CopySid.ADVAPI32(00000000,00000000,?), ref: 002817DA
• GetProcessHeap.KERNEL32(00000000,00000000,00281335), ref: 002817EE
• HeapFree.KERNEL32(00000000), ref: 002817F5
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 88989617ce4e44d41ea74ee935104e10554027dcab321318de6b7728558e5c6d
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 5e3f5e8bd8164aaa7267f7e8eed4afe4595c3ff0add27ca50fc153e7774fd361
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 88989617ce4e44d41ea74ee935104e10554027dcab321318de6b7728558e5c6d
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A11E175522205FFDB10AFA4EC48BAEBBBCEF41355F20411DF441A7190C735A921CB60
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 002814FF
                                                                                                                                                                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00281506
                                                                                                                                                                                                                                                                                                                                                              • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00281515
                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000004), ref: 00281520
                                                                                                                                                                                                                                                                                                                                                              • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0028154F
                                                                                                                                                                                                                                                                                                                                                              • DestroyEnvironmentBlock.USERENV(00000000), ref: 00281563
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1413079979-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 08838b58c6c639885cad34a5aa260ba016fdf073e284f811cef99134009df26e
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a1e86b4f58a2f999f962d193ce70bcba4719913ed2ccc6a1991a9860041dba7f
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 08838b58c6c639885cad34a5aa260ba016fdf073e284f811cef99134009df26e
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E811677650520EABDF11AFA8ED49FDE7BADEF48704F144164FA05A20A0C375CE61EB60
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00243379,00242FE5), ref: 00243390
                                                                                                                                                                                                                                                                                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0024339E
                                                                                                                                                                                                                                                                                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 002433B7
                                                                                                                                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,00243379,00242FE5), ref: 00243409
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 685c08f63da4637052a42bd487c2e0c144e94259bda4bb518f8d3ea05735e739
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 68b46e97575bc92dc673a2f2b6d238bf5eef71b08eccbb43c58d8aab29cc0577
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 685c08f63da4637052a42bd487c2e0c144e94259bda4bb518f8d3ea05735e739
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CC012D33238313BEA61C6FB4BCC95661E94D7053753300229F420841F5EF114E325D84
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00255686,00263CD6,?,00000000,?,00255B6A,?,?,?,?,?,0024E6D1,?,002E8A48), ref: 00252D78
                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00252DAB
                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00252DD3
                                                                                                                                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,?,?,?,0024E6D1,?,002E8A48,00000010,00224F4A,?,?,00000000,00263CD6), ref: 00252DE0
                                                                                                                                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,?,?,?,0024E6D1,?,002E8A48,00000010,00224F4A,?,?,00000000,00263CD6), ref: 00252DEC
• _abort.LIBCMT ref: 00252DF2
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ErrorLast$_free$_abort
• String ID:
• API String ID: 3160817290-0
• Opcode ID: 053f84fe7b2a967af9a35335e1bbae65e88767b6ddc22e31df4a0be862b62c36
• Instruction ID: eaa3a5925dcbe909c3bbaa9e439a426088568a45870a52b5a94861b8143ed143
• Opcode Fuzzy Hash: 053f84fe7b2a967af9a35335e1bbae65e88767b6ddc22e31df4a0be862b62c36
• Instruction Fuzzy Hash: 95F0F932566901E7C21227747C0AE5A2665ABC37A3F344119FC24E62D2DF308C3D4528
APIs
  • Part of subcall function 00239639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00239693
  • Part of subcall function 00239639: SelectObject.GDI32(?,00000000), ref: 002396A2
  • Part of subcall function 00239639: BeginPath.GDI32(?), ref: 002396B9
  • Part of subcall function 00239639: SelectObject.GDI32(?,00000000), ref: 002396E2
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 002B8A4E
• LineTo.GDI32(?,00000003,00000000), ref: 002B8A62
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 002B8A70
• LineTo.GDI32(?,00000000,00000003), ref: 002B8A80
• EndPath.GDI32(?), ref: 002B8A90
• StrokePath.GDI32(?), ref: 002B8AA0
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
• Opcode ID: 2b6ac35928da84aefa9b28fb8ffe0392dd3a210d50d3fdb37de2358e10743c7b
• Instruction ID: 04c7e0e233a595fb44ecc7c4a629931dda95a0af18ebe9021f88375bcfb9e8a1
• Opcode Fuzzy Hash: 2b6ac35928da84aefa9b28fb8ffe0392dd3a210d50d3fdb37de2358e10743c7b
• Instruction Fuzzy Hash: 89110976400149FFDB129F94EC88EAA7F6CEB08390F148522BA199A1A1C7719D65DFA0
APIs
• GetDC.USER32(00000000), ref: 00285218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 00285229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00285230
• ReleaseDC.USER32(00000000,00000000), ref: 00285238
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 0028524F
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 00285261
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
• Opcode ID: 0f92f27a72f2199fa50ed41edc35be20eab36a12c6e4dd0e8a3fa156c03ea007
• Instruction ID: fac198f173bc03a3f69100a48abf4ba99dc4fd1c06fe5af6eace2cdfbfd2461d
• Opcode Fuzzy Hash: 0f92f27a72f2199fa50ed41edc35be20eab36a12c6e4dd0e8a3fa156c03ea007
• Instruction Fuzzy Hash: C001A775E05715BBEB106FA99C49E4EBFB8EF44351F144165FA04A7281DA709C10CF60
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00221BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00221BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00221C07
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00221C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00221C1A
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00221C22
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Virtual
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: dccd7a8c5ca0d5a86ebad2a436ad427afe7b8117fbaf50dcec16b7233fe9232f
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 06e1cef72db98325e859727a62d527820acf9c16e1b36b2508b85fb5923b9ad0
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dccd7a8c5ca0d5a86ebad2a436ad427afe7b8117fbaf50dcec16b7233fe9232f
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D80167B0902B5ABDE3008F6A8C85B52FFA8FF59354F00411BA15C4BA42C7F5A864CBE5
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0028EB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0028EB46
• GetWindowThreadProcessId.USER32(?,?), ref: 0028EB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0028EB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0028EB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0028EB75
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
• String ID:
• API String ID: 839392675-0
• Opcode ID: f28b9119e2c4cd7d6495aa5e3f3b6ca54a7a7aeccf4f183bfa627be8efec39a1
• Instruction ID: abedc2bdb503b9108d79dd90895db5a41ecfd2b3a11af6bb859176c90d36e4ff
• Opcode Fuzzy Hash: f28b9119e2c4cd7d6495aa5e3f3b6ca54a7a7aeccf4f183bfa627be8efec39a1
• Instruction Fuzzy Hash: 35F05472141159BBE7215B52EC0EEEF3F7CEFCAB11F100269F601E1091E7A05A01C6B5
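The six calls above, read in address order, are the classic "close the window politely, then kill its owner" routine: WM_CLOSE (0x10) is posted to a window handle, sent again with SendMessageTimeoutW using SMTO_ABORTIFHUNG (0x2) and a 500 ms (0x1F4) timeout, the owning process ID is resolved with GetWindowThreadProcessId, the process is opened with 0x1F0FFF (PROCESS_ALL_ACCESS as defined in pre-Vista SDK headers, still widely used), terminated, and the handle closed. The report's own signature flags the binary as likely compiled AutoIt; this call order is what a WinKill()-style helper does, but that attribution is an inference from the API list, not something the report states. The script below is an added triage helper of my own, not Joe Sandbox code: it parses the report's "APIs" bullet lines (the sample is copied verbatim from this record), substitutes symbolic names for the constants it recognises, and flags the close-then-terminate sequence so the pattern can be spotted across many function records rather than by eye. The constant table and the pattern test are my choices; "?" marks an argument the sandbox could not resolve.

```python
import re
from dataclasses import dataclass

# Constructed sample: the six "APIs" lines of this function record, as rendered by Joe Sandbox.
SAMPLE = """\
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0028EB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0028EB46
• GetWindowThreadProcessId.USER32(?,?), ref: 0028EB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0028EB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0028EB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0028EB75
"""

# One bullet line: "<api>.<module>(<args>), ref: <hex address>"
API_LINE = re.compile(
    r"^\s*(?:•\s*)?(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

@dataclass
class ApiCall:
    api: str
    module: str
    args: list   # raw tokens: 8-digit hex, or "?" where the sandbox could not resolve the value
    ref: int     # address of the call site inside the dumped image

def parse_api_lines(text: str) -> list:
    """Parse Joe Sandbox 'APIs' bullet lines into ApiCall records, skipping anything else."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = m.group("args").strip()
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("api"), m.group("module"), args, int(m.group("ref"), 16)))
    return calls

# Symbolic names for (api, argument index); values are the Windows SDK definitions.
KNOWN = {
    ("PostMessageW", 1): {0x10: "WM_CLOSE"},
    ("SendMessageTimeoutW", 1): {0x10: "WM_CLOSE"},
    ("SendMessageTimeoutW", 4): {0x2: "SMTO_ABORTIFHUNG"},
    ("OpenProcess", 0): {0x1F0FFF: "PROCESS_ALL_ACCESS"},  # pre-Vista SDK value
    ("GetSysColor", 0): {5: "COLOR_WINDOW"},
}

def annotate(call: ApiCall) -> str:
    """Render one call with symbolic names substituted for recognised constants."""
    rendered = []
    for i, tok in enumerate(call.args):
        if tok == "?":
            rendered.append("?")
            continue
        value = int(tok, 16)
        name = KNOWN.get((call.api, i), {}).get(value)
        rendered.append(f"{name}(0x{value:X})" if name else f"0x{value:X}")
    return f"{call.api}({', '.join(rendered)}) @ {call.ref:08X}"

# Ordered steps that turn a window handle into a terminated process.
KILL_CHAIN = ("GetWindowThreadProcessId", "OpenProcess", "TerminateProcess")

def summarize(calls: list) -> dict:
    """Flag the 'WM_CLOSE first, TerminateProcess if that fails' pattern in a record."""
    graceful = any(c.api in ("PostMessageW", "SendMessageW", "SendMessageTimeoutW")
                   and len(c.args) > 1 and c.args[1] != "?" and int(c.args[1], 16) == 0x10
                   for c in calls)
    names = iter(c.api for c in calls)
    forced = all(step in names for step in KILL_CHAIN)  # ordered-subsequence test
    access = next((int(c.args[0], 16) for c in calls
                   if c.api == "OpenProcess" and c.args and c.args[0] != "?"), None)
    return {"graceful_close": graceful, "forced_terminate": forced,
            "open_process_access": access, "window_kill_pattern": graceful and forced}

if __name__ == "__main__":
    parsed = parse_api_lines(SAMPLE)
    for c in parsed:
        print(annotate(c))
    print(summarize(parsed))
```

Feed it the "APIs" sections of other records to compare: a record that only posts WM_CLOSE reports graceful_close without forced_terminate, and one that opens and terminates a process without any message reports the reverse; only the combination above is the window-kill routine.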
APIs
• GetClientRect.USER32(?), ref: 00277452
• SendMessageW.USER32(?,00001328,00000000,?), ref: 00277469
• GetWindowDC.USER32(?), ref: 00277475
• GetPixel.GDI32(00000000,?,?), ref: 00277484
• ReleaseDC.USER32(?,00000000), ref: 00277496
• GetSysColor.USER32(00000005), ref: 002774B0
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ClientColorMessagePixelRectReleaseSendWindow
• String ID:
• API String ID: 272304278-0
• Opcode ID: b97879ebfa1e5d989d1967a66daf76f261e583c10294b8e0fae03f0ba0feb229
• Instruction ID: b16a7aebe375edefe6a1fb11e3c11cbf995b57943ac596bf0c1083ad1385f0e1
• Opcode Fuzzy Hash: b97879ebfa1e5d989d1967a66daf76f261e583c10294b8e0fae03f0ba0feb229
• Instruction Fuzzy Hash: 62014B31410215EFDB515F64EC0CFAA7BB9FB44321F654264F919A21A1CB711E61EB50
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0028187F
                                                                                                                                                                                                                                                                                                                                                              • UnloadUserProfile.USERENV(?,?), ref: 0028188B
                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00281894
                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0028189C
                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 002818A5
                                                                                                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 002818AC
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
• String ID:
• API String ID: 146765662-0
APIs
• __Init_thread_footer.LIBCMT ref: 0022BEB3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: D%/$D%/$D%/$D%/D%/
• API String ID: 1385522511-677403568
APIs
  • Part of subcall function 00240242: EnterCriticalSection.KERNEL32(002F070C,002F1884,?,?,0023198B,002F2518,?,?,?,002212F9,00000000), ref: 0024024D
  • Part of subcall function 00240242: LeaveCriticalSection.KERNEL32(002F070C,?,0023198B,002F2518,?,?,?,002212F9,00000000), ref: 0024028A
  • Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
  • Part of subcall function 002400A3: __onexit.LIBCMT ref: 002400A9
• __Init_thread_footer.LIBCMT ref: 002A7BFB
  • Part of subcall function 002401F8: EnterCriticalSection.KERNEL32(002F070C,?,?,00238747,002F2514), ref: 00240202
  • Part of subcall function 002401F8: LeaveCriticalSection.KERNEL32(002F070C,?,00238747,002F2514), ref: 00240235
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
• String ID: +T'$5$G$Variable must be of type 'Object'.
• API String ID: 535116098-127623859
APIs
  • Part of subcall function 00227620: _wcslen.LIBCMT ref: 00227625
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0028C6EE
• _wcslen.LIBCMT ref: 0028C735
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0028C79C
• SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0028C7CA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ItemMenu$Info_wcslen$Default
• String ID: 0
• API String ID: 1227352736-4108050209
APIs
• ShellExecuteExW.SHELL32(0000003C), ref: 002AAEA3
  • Part of subcall function 00227620: _wcslen.LIBCMT ref: 00227625
• GetProcessId.KERNEL32(00000000), ref: 002AAF38
• CloseHandle.KERNEL32(00000000), ref: 002AAF67
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: CloseExecuteHandleProcessShell_wcslen
• String ID: <$@
• API String ID: 146682121-1426351568
• Opcode ID: e04e35cebf969e10e749f2f0d2eca8250639b2747bf0631110655337eb99e8f8
• Instruction ID: c8ebde727f6327f873ed59ff950858555ce993e4d3e153c04ec9cf9dc83a79de
• Opcode Fuzzy Hash: e04e35cebf969e10e749f2f0d2eca8250639b2747bf0631110655337eb99e8f8
• Instruction Fuzzy Hash: 85718870A10225DFCB14DF94D484A9EBBF0BF09300F0484A9E816AB762CB75ED65CF91
APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00287206
• SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0028723C
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0028724D
• SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 002872CF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ErrorMode$AddressCreateInstanceProc
• String ID: DllGetClassObject
• API String ID: 753597075-1075368562
• Opcode ID: 4e4745606e8a69c729cef1be663c2cd9c3e60b20e58f13ddc6363285b5cff1d8
• Instruction ID: de09e141d790da693498bc0793462f507afc18a632c2dbff834f390f5be148f1
• Opcode Fuzzy Hash: 4e4745606e8a69c729cef1be663c2cd9c3e60b20e58f13ddc6363285b5cff1d8
• Instruction Fuzzy Hash: E0419175625204EFEB15DF54C884A9A7BB9EF44310F2480A9BD099F29ED7B0D950CBA0
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 002B3E35
• IsMenu.USER32(?), ref: 002B3E4A
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 002B3E92
• DrawMenuBar.USER32 ref: 002B3EA5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Menu$Item$DrawInfoInsert
• String ID: 0
• API String ID: 3076010158-4108050209
• Opcode ID: 17177dde31c2bdc989f706811a39668d88c8c48cf233daf6d0842d2483a899ea
• Instruction ID: 4f06afdb769f6be470af4d8c9dede952d2e99d14fc0a7a5d4dad5bccb7aaefaf
• Opcode Fuzzy Hash: 17177dde31c2bdc989f706811a39668d88c8c48cf233daf6d0842d2483a899ea
• Instruction Fuzzy Hash: 2A414D75A2020AEFDB10DF50D884AEA77B5FF44394F04412AF915AB250D770EE64CF60
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00283CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00283CCA
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00281E66
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00281E79
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000189,?,00000000), ref: 00281EA9
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00226B57: _wcslen.LIBCMT ref: 00226B6A
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                                                                                                                              • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7e6a0135660b87b89a7bc702dbea09db86e4d6a942207cf8b2c44ffd7307cf9c
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 71e2d02090c7a310d0e4619aebc228031755181512d851a553aac1b1fde39a25
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7e6a0135660b87b89a7bc702dbea09db86e4d6a942207cf8b2c44ffd7307cf9c
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 99212375A21104BADB18AFA4EC49CFFB7BCEF46354F144129F825A31E0DB74493A8B20
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 002B2F8D
                                                                                                                                                                                                                                                                                                                                                              • LoadLibraryW.KERNEL32(?), ref: 002B2F94
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 002B2FA9
                                                                                                                                                                                                                                                                                                                                                              • DestroyWindow.USER32(?), ref: 002B2FB1
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                                                                                                              • String ID: SysAnimate32
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: bd6606eed5802e324a398fd16f6bb8784dd7cbb16ecf02b924b49da0b594839e
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 5068b21f97ac37a00496beb0134ab3635544f716c1e6092bff22ad9bf4fa6315
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bd6606eed5802e324a398fd16f6bb8784dd7cbb16ecf02b924b49da0b594839e
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 54218872220206EBEB104EA4AC88EBB37B9EB593A4F104228FA5092590D671DC659B60
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00244D1E,002528E9,?,00244CBE,002528E9,002E88B8,0000000C,00244E15,002528E9,00000002), ref: 00244D8D
                                                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00244DA0
                                                                                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,00244D1E,002528E9,?,00244CBE,002528E9,002E88B8,0000000C,00244E15,002528E9,00000002,00000000), ref: 00244DC3
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a974e1230b3cc50f979cdee9da74a6d2cdc618211ef67181fb9c18dd91e3a752
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 14db5f2fecd2339640cbe833478f90a60685953657a1aa7a4c3e596a4a88186a
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a974e1230b3cc50f979cdee9da74a6d2cdc618211ef67181fb9c18dd91e3a752
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 15F0C830960208FBDB195F94EC4DB9DBFF4EF04711F100198F909A2250CB705D50CB90
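The block above (GetModuleHandleExW on mscoree.dll, GetProcAddress for CorExitProcess, FreeLibrary) and the one that follows (LoadLibraryA, GetProcAddress for GetSystemWow64DirectoryW, FreeLibrary) are run-time import resolutions: the symbol is looked up by name and never appears in the PE import table, so static import listings miss it. The mscoree.dll/CorExitProcess pair is the MSVC CRT's exit routine, present in any CRT-linked binary, whereas the GetSystemWow64DirectoryW lookup next to the string "X64" is an architecture check worth a closer look. The Python below is an added triage helper, not part of the Joe Sandbox report or of the sample; it parses lines in the report's "APIs" format (the embedded sample lines are constructed to mirror the blocks on this page, with long argument lists shortened), pairs each GetProcAddress with the module-load call in the same function, and separates the CRT boilerplate from lookups that merit review.

```python
import re

# Constructed sample in the report's "APIs" line format (shortened argument
# lists; not a verbatim copy of the analysis output).
SAMPLE_REPORT = """APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000), ref: 00244D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00244DA0
• FreeLibrary.KERNEL32(00000000), ref: 00244DC3
Strings
APIs
• LoadLibraryA.KERNEL32 ref: 0027D3AD
• GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0027D3BF
• FreeLibrary.KERNEL32(00000000), ref: 0027D3E5
Strings
APIs
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00281E66
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00281E79
Strings
"""

# "<api>.<module>(<args>), ref: <addr>"; the argument list is optional.
API_LINE = re.compile(
    r"^•\s*(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# Calls that obtain a module handle; together with GetProcAddress they form a
# run-time import resolution that never appears in the PE import table.
LOADERS = {
    "LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW",
    "GetModuleHandleA", "GetModuleHandleW", "GetModuleHandleExA", "GetModuleHandleExW",
}

# The MSVC CRT exit path resolves CorExitProcess from mscoree.dll so that a
# process hosting the .NET runtime shuts it down cleanly: compiler boilerplate,
# not behaviour of the sample's own logic.
CRT_BOILERPLATE = {("mscoree.dll", "CorExitProcess")}


def parse_blocks(text):
    """Split report text into per-function lists of parsed API calls."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = []
            blocks.append(current)
        elif line == "Strings":
            current = None
        elif current is not None:
            m = API_LINE.match(line)
            if m:
                args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
                current.append({"api": m.group("api"), "module": m.group("mod"),
                                "args": args, "ref": int(m.group("ref"), 16)})
    return blocks


def _named_arg(args):
    """First argument that is a name rather than an 8-digit hex value or '?'."""
    for a in args:
        if a and a != "?" and not re.fullmatch(r"[0-9A-Fa-f]{8}", a):
            return a
    return None


def find_dynamic_resolution(blocks):
    """Flag functions that load a module and then look up an export by name."""
    findings = []
    for block in blocks:
        lookups = [c for c in block if c["api"] == "GetProcAddress"]
        if not lookups:
            continue
        loaders = [c for c in block if c["api"] in LOADERS]
        # Module name is only recoverable when the loader's string argument
        # was captured; LoadLibraryA without arguments yields None.
        module = _named_arg(loaders[0]["args"]) if loaders else None
        for call in lookups:
            symbol = _named_arg(call["args"])
            findings.append({
                "ref": f"{call['ref']:08X}",
                "module": module,
                "symbol": symbol,
                "freed": any(c["api"] == "FreeLibrary" for c in block),
                "crt_boilerplate": (module, symbol) in CRT_BOILERPLATE,
            })
    return findings


if __name__ == "__main__":
    for f in find_dynamic_resolution(parse_blocks(SAMPLE_REPORT)):
        tag = "CRT" if f["crt_boilerplate"] else "REVIEW"
        print(f"[{tag}] {f['ref']}: {f['module'] or '<unknown module>'} -> {f['symbol']}")
```

Run against a full report export, the REVIEW entries are the lookups to read in the disassembly; the CRT entries can be dropped from a triage list. The module name is left as None rather than guessed when the report did not capture the LoadLibrary string argument, as in the GetSystemWow64DirectoryW block here.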
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32 ref: 0027D3AD
                                                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0027D3BF
                                                                                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 0027D3E5
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                              • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 145871493-2590602151
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a0131586833bdb846248f94a49f41dbff70a856ed0ad086c403f2dc8d5bd3dea
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 8807371132b33ef4046de6d83179c301bb8b2844e3e17a6e7442b18734a3cc85
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a0131586833bdb846248f94a49f41dbff70a856ed0ad086c403f2dc8d5bd3dea
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3BF020718366228BD3645B249C4C9697334AF10B01BA1C2A4F90EF205ADBB0CDB18A92
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00224EDD,?,002F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00224E9C
                                                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00224EAE
                                                                                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,00224EDD,?,002F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00224EC0
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                              • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4f8aae1596bc55ecc7c9066e29a4fc18c26c0c29303b1c2715dedb61560ebfce
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: ce20dde6c8d959ebbc9b6a5bf77957622f2fc915f8ef579e63089500c6d4e730
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f8aae1596bc55ecc7c9066e29a4fc18c26c0c29303b1c2715dedb61560ebfce
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 63E0CD75A316336BE2322F69BC1CB5F6558AF82F637160215FD04F3200DBA0CD1240B0
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00263CDE,?,002F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00224E62
                                                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00224E74
                                                                                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,00263CDE,?,002F1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00224E87
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                              • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4803f4a184d942796e14c9d7ec2b9540195e2208d90204af1587eeff6120ffff
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3b52f20a9861f4e747029060e04851247c41e4216339a516be838d9740af1cff
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4803f4a184d942796e14c9d7ec2b9540195e2208d90204af1587eeff6120ffff
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2DD01235532633676A222F697C1CD8F6A18AF86B553960615F919B6124CF60CD2285E0
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00292C05
                                                                                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?), ref: 00292C87
                                                                                                                                                                                                                                                                                                                                                              • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00292C9D
                                                                                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00292CAE
                                                                                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00292CC0
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 8ae7d2043fb983f642299c483f9e5daf815687dc46bbbe01b23b3cc14f9ae509
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b05a2eaa58a5c33e53e766d3210df3403c68747b93974aa73c9d43d1bd2807d6
• Opcode Fuzzy Hash: 8ae7d2043fb983f642299c483f9e5daf815687dc46bbbe01b23b3cc14f9ae509
• Instruction Fuzzy Hash: FEB15D72D20129BBDF25DFA4DC85EDEB7BDEF08350F1040A6F509E6141EA709A588F61
APIs
• GetCurrentProcessId.KERNEL32 ref: 002AA427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 002AA435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 002AA468
• CloseHandle.KERNEL32(?), ref: 002AA63D
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
• Opcode ID: f52b7c9ac2f7eb8f37f08143e7f7d5d297f6f875887ac19159538a8f72a2953a
• Instruction ID: 483e00f1cad213f23d28c3d3d7c75a382adb26c9019f6e79ad52c334d3206730
• Opcode Fuzzy Hash: f52b7c9ac2f7eb8f37f08143e7f7d5d297f6f875887ac19159538a8f72a2953a
• Instruction Fuzzy Hash: 7AA1D071614301AFD720DF24D886F2AB7E5AF88714F14885DF55A9B292DBB0EC50CF92
APIs
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,002C3700), ref: 0025BB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,002F121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0025BC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,002F1270,000000FF,?,0000003F,00000000,?), ref: 0025BC36
• _free.LIBCMT ref: 0025BB7F
  • Part of subcall function 002529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0025D7D1,00000000,00000000,00000000,00000000,?,0025D7F8,00000000,00000007,00000000,?,0025DBF5,00000000), ref: 002529DE
  • Part of subcall function 002529C8: GetLastError.KERNEL32(00000000,?,0025D7D1,00000000,00000000,00000000,00000000,?,0025D7F8,00000000,00000007,00000000,?,0025DBF5,00000000,00000000), ref: 002529F0
• _free.LIBCMT ref: 0025BD4B
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
• String ID:
• API String ID: 1286116820-0
• Opcode ID: 2cd09a4eec052abcbd54911a19754d407360c9ccd3958cce8f6a24229094c7f1
• Instruction ID: 18082d49278fc21071e7788040473c5d6cc5b316cc1ffdb7db4d1898343563c1
• Opcode Fuzzy Hash: 2cd09a4eec052abcbd54911a19754d407360c9ccd3958cce8f6a24229094c7f1
• Instruction Fuzzy Hash: 83514C71810219EFCB11EFA5DC859BEB7BCEF41362B10026AEC10E7191EB708D68CB58
APIs
  • Part of subcall function 0028DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0028CF22,?), ref: 0028DDFD
  • Part of subcall function 0028DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0028CF22,?), ref: 0028DE16
  • Part of subcall function 0028E199: GetFileAttributesW.KERNEL32(?,0028CF95), ref: 0028E19A
• lstrcmpiW.KERNEL32(?,?), ref: 0028E473
• MoveFileW.KERNEL32(?,?), ref: 0028E4AC
• _wcslen.LIBCMT ref: 0028E5EB
• _wcslen.LIBCMT ref: 0028E603
• SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0028E650
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
• String ID:
• API String ID: 3183298772-0
• Opcode ID: d8558c4bf1a3e9981e88a33eb7c43ade96a58943f8ab8bccfe9e89a0dbda3627
• Instruction ID: 591a294ea8a682657c45ea73c0441d0093d31e968449119288437c685acbeee6
• Opcode Fuzzy Hash: d8558c4bf1a3e9981e88a33eb7c43ade96a58943f8ab8bccfe9e89a0dbda3627
• Instruction Fuzzy Hash: 795173B64193455BCB24EFA0D8819DF73ECAF84340F40492EF689D3191EF74A6988B66
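The three function listings above each end with a "Similarity" block whose API ID is a signature built from the names of the APIs the function calls, and the first listing passes the access mask 00000410 to OpenProcess. The following Python is an added example, not Joe Sandbox's code and not part of the report: it parses the "APIs" listings into structured call records, rebuilds the API ID from them, and decodes the OpenProcess access mask. The token rules it uses (drop a leading Get or Rtl, drop tokens of two characters or fewer, strip a trailing W or A, group tokens by occurrence count and sort each group in ASCII order) are an assumption inferred from the three IDs printed on this page, not documented Joe Sandbox behaviour; the sample input is those three listings copied from the page, and the access-right constants are the standard Windows PROCESS_* values.

```python
import re
from collections import Counter

# Constructed sample input: the three "APIs" listings from this report page,
# copied as they appear (bullets and "Part of subcall function" prefixes kept).
SAMPLE_BLOCKS = {
    "proc_counters": """
• GetCurrentProcessId.KERNEL32 ref: 002AA427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 002AA435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 002AA468
• CloseHandle.KERNEL32(?), ref: 002AA63D
""",
    "timezone": """
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,002C3700), ref: 0025BB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,002F121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0025BC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,002F1270,000000FF,?,0000003F,00000000,?), ref: 0025BC36
• _free.LIBCMT ref: 0025BB7F
  • Part of subcall function 002529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0025D7D1,00000000,00000000,00000000,00000000,?,0025D7F8,00000000,00000007,00000000,?,0025DBF5,00000000), ref: 002529DE
  • Part of subcall function 002529C8: GetLastError.KERNEL32(00000000,?,0025D7D1,00000000,00000000,00000000,00000000,?,0025D7F8,00000000,00000007,00000000,?,0025DBF5,00000000,00000000), ref: 002529F0
• _free.LIBCMT ref: 0025BD4B
""",
    "file_move": """
  • Part of subcall function 0028DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0028CF22,?), ref: 0028DDFD
  • Part of subcall function 0028DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0028CF22,?), ref: 0028DE16
  • Part of subcall function 0028E199: GetFileAttributesW.KERNEL32(?,0028CF95), ref: 0028E19A
• lstrcmpiW.KERNEL32(?,?), ref: 0028E473
• MoveFileW.KERNEL32(?,?), ref: 0028E4AC
• _wcslen.LIBCMT ref: 0028E5EB
• _wcslen.LIBCMT ref: 0028E603
• SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0028E650
""",
}

# One API line: Name.MODULE(optional args), ref: ADDRESS
API_LINE = re.compile(
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s+ref:\s+(?P<ref>[0-9A-Fa-f]+)"
)

# Assumed token rule (inferred from this page's IDs): these prefixes are omitted.
DROPPED_TOKENS = {"Get", "Rtl"}

# Standard Windows process access rights, used to read the OpenProcess mask.
PROCESS_ACCESS_FLAGS = {
    0x0001: "PROCESS_TERMINATE", 0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION", 0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE", 0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS", 0x0100: "PROCESS_SET_QUOTA",
    0x0200: "PROCESS_SET_INFORMATION", 0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME", 0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}


def parse_api_block(text):
    """Turn an "APIs" listing into call records; lines without a ref are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.search(line)
        if not m:
            continue
        raw_args = m.group("args") or ""
        calls.append({
            "name": m.group("name"),
            "module": m.group("module"),
            "args": [a for a in raw_args.split(",") if a],
            "ref": m.group("ref"),
            "subcall": "Part of subcall function" in line,
        })
    return calls


def api_tokens(name):
    """Split an API name into signature tokens (rules inferred from the page)."""
    if name.endswith(("W", "A")) and len(name) > 1 and name[-2].islower():
        name = name[:-1]                      # drop the ANSI/Unicode suffix
    if name.startswith("_") or name.islower():
        return [name]                         # CRT names such as _free, lstrcmpi
    parts = re.findall(r"[A-Z][a-z0-9]*|[a-z0-9]+", name)
    return [p for p in parts if len(p) > 2 and p not in DROPPED_TOKENS]


def api_id(calls):
    """Group tokens by occurrence count (descending), ASCII-sorted within a group."""
    counts = Counter(t for c in calls for t in api_tokens(c["name"]))
    groups = {}
    for tok, n in counts.items():
        groups.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(groups[n])) for n in sorted(groups, reverse=True))


def open_process_access(calls):
    """First argument of the first OpenProcess call, or None if absent."""
    for c in calls:
        if c["name"] == "OpenProcess" and c["args"] and c["args"][0] != "?":
            return int(c["args"][0], 16)
    return None


def decode_process_access(mask):
    """Name the PROCESS_* bits set in an access mask; unknown bits are kept as hex."""
    names = [n for bit, n in sorted(PROCESS_ACCESS_FLAGS.items()) if mask & bit]
    rest = mask & ~sum(PROCESS_ACCESS_FLAGS)
    if rest:
        names.append(f"0x{rest:X}")
    return names


if __name__ == "__main__":
    for label, text in SAMPLE_BLOCKS.items():
        print(label, api_id(parse_api_block(text)))
    mask = open_process_access(parse_api_block(SAMPLE_BLOCKS["proc_counters"]))
    print(hex(mask), decode_process_access(mask))
```

The reconstructed IDs match the three printed on this page, which makes the function usable for clustering functions across reports that share a runtime (here the AutoIt interpreter the report identifies). The mask 0x410 decodes to PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, the minimum needed for GetProcessIoCounters on the process's own handle; a mask carrying PROCESS_VM_WRITE or PROCESS_CREATE_THREAD in the same position would be the thing to flag in triage.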
APIs
  • Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
  • Part of subcall function 002AC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,002AB6AE,?,?), ref: 002AC9B5
  • Part of subcall function 002AC998: _wcslen.LIBCMT ref: 002AC9F1
  • Part of subcall function 002AC998: _wcslen.LIBCMT ref: 002ACA68
  • Part of subcall function 002AC998: _wcslen.LIBCMT ref: 002ACA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 002ABAA5
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 002ABB00
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 002ABB63
• RegCloseKey.ADVAPI32(?,?), ref: 002ABBA6
• RegCloseKey.ADVAPI32(00000000), ref: 002ABBB3
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 826366716-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ec273c88c30b7675fa8c1eb30d5dc83f8f5b71b40caf76ace5f87f41b4fbbe16
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 735b67b57cc732e54e50f4b908c6c1ad1505c922aa68d87ddee5cc4301ac6240
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ec273c88c30b7675fa8c1eb30d5dc83f8f5b71b40caf76ace5f87f41b4fbbe16
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B761AF31228241AFC315DF64C490E2ABBE5FF85308F54895CF4998B2A2CB31ED55CF92
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 00288BCD
                                                                                                                                                                                                                                                                                                                                                              • VariantClear.OLEAUT32 ref: 00288C3E
                                                                                                                                                                                                                                                                                                                                                              • VariantClear.OLEAUT32 ref: 00288C9D
                                                                                                                                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00288D10
                                                                                                                                                                                                                                                                                                                                                              • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00288D3B
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4136290138-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 8282d766589e958d15a6c2af087e6224a2aed18104329afd457a0c6fdf4ab893
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 8a39b92e08b944860c80a9e51f2568e8716cbc27672c1d386140555fb6f74675
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8282d766589e958d15a6c2af087e6224a2aed18104329afd457a0c6fdf4ab893
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 10518AB5A11219EFCB14DF28C884AAAB7F8FF89310B158569E905DB350E730E921CF90
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00298BAE
                                                                                                                                                                                                                                                                                                                                                              • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00298BDA
                                                                                                                                                                                                                                                                                                                                                              • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00298C32
                                                                                                                                                                                                                                                                                                                                                              • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00298C57
                                                                                                                                                                                                                                                                                                                                                              • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00298C5F
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2832842796-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7adcde813ca0c73bb6fb823879ec7380e8cc24ba3192b55e1249bc498eddf668
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 5ff6914af2344a6f0cfdc3c09fe01510f77f548d966b8788a5d4bbd6beddff85
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7adcde813ca0c73bb6fb823879ec7380e8cc24ba3192b55e1249bc498eddf668
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9C514835A10219AFCB05DFA4D884A6DBBF5FF49314F088059E849AB362CB35ED61CF90
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • LoadLibraryW.KERNEL32(?,00000000,?), ref: 002A8F40
                                                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 002A8FD0
                                                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 002A8FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 002A9032
• FreeLibrary.KERNEL32(00000000), ref: 002A9052
  • Part of subcall function 0023F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00291043,?,7644E610), ref: 0023F6E6
  • Part of subcall function 0023F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0027FA64,00000000,00000000,?,?,00291043,?,7644E610,?,0027FA64), ref: 0023F70D
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
• String ID:
• API String ID: 666041331-0
• Opcode ID: 669425a4fc90ac0690ce71f201903a7b84bb1860e8acf43aeb50de2a8abb7a1e
• Instruction ID: 4d1cf0ae328736118ed73744a4c29d2e709f04d15f9e82bced832cbe55334386
• Opcode Fuzzy Hash: 669425a4fc90ac0690ce71f201903a7b84bb1860e8acf43aeb50de2a8abb7a1e
• Instruction Fuzzy Hash: 00514A34610216EFC711DF68D4848ADBBB1FF4A314F5480A8E819AB762DB31ED95CF90
APIs
• SetWindowLongW.USER32(00000002,000000F0,?), ref: 002B6C33
• SetWindowLongW.USER32(?,000000EC,?), ref: 002B6C4A
• SendMessageW.USER32(00000002,00001036,00000000,?), ref: 002B6C73
• ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0029AB79,00000000,00000000), ref: 002B6C98
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 002B6CC7
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Window$Long$MessageSendShow
• String ID:
• API String ID: 3688381893-0
• Opcode ID: 8453de23c78bdb2ed8f8e5db2454ddd98446dab61c36565f46684d6e48d705ec
• Instruction ID: d6cc31722bee8d7f4e1e40a35bca2173821d59868ed5b8661f28927530909269
• Opcode Fuzzy Hash: 8453de23c78bdb2ed8f8e5db2454ddd98446dab61c36565f46684d6e48d705ec
• Instruction Fuzzy Hash: 4B41B235624105AFD724CF68CC5CFF97FA5EB093A0F140269F995A72E0C3B5AD61CA90
APIs
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: d7c00508dfd03e8f5ec28f9609ae9273d03f66b27299dd049cfc1842b96423c0
• Instruction ID: 7db52e9b8133a484b0b79a6e64f95253210a1f602c79cf93228997ec16715a7f
• Opcode Fuzzy Hash: d7c00508dfd03e8f5ec28f9609ae9273d03f66b27299dd049cfc1842b96423c0
• Instruction Fuzzy Hash: 5541E472E10200DFCB24DF78C980A5EB3A5EF8A314F258568E915EB3D2D731AD19CB94
APIs
• GetCursorPos.USER32(?), ref: 00239141
• ScreenToClient.USER32(00000000,?), ref: 0023915E
• GetAsyncKeyState.USER32(00000001), ref: 00239183
• GetAsyncKeyState.USER32(00000002), ref: 0023919D
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: AsyncState$ClientCursorScreen
• String ID:
• API String ID: 4210589936-0
• Opcode ID: 2961968ce8457940772cfd749ea75a2b90f3b5f956a910e345c5d8984c2ced6b
• Instruction ID: 9eff21cd682185dd78cea891292ac311a2fcf4052203ca596f7a6a99d9e0f761
• Opcode Fuzzy Hash: 2961968ce8457940772cfd749ea75a2b90f3b5f956a910e345c5d8984c2ced6b
• Instruction Fuzzy Hash: 0A416071A1861BFBDF159F64C848BEEB774FB05320F208216E46DA3290C77059A4DF91
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetInputState.USER32 ref: 002938CB
                                                                                                                                                                                                                                                                                                                                                              • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00293922
                                                                                                                                                                                                                                                                                                                                                              • TranslateMessage.USER32(?), ref: 0029394B
                                                                                                                                                                                                                                                                                                                                                              • DispatchMessageW.USER32(?), ref: 00293955
                                                                                                                                                                                                                                                                                                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00293966
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2256411358-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 989da1d681fa4078d405b5df84f58c943e98291d91150ad351279fcc5d169a0f
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 07e58cf428c6ed6f418039f30d53c6e6b0c086db3fef0be0b1c47813e2c15880
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 989da1d681fa4078d405b5df84f58c943e98291d91150ad351279fcc5d169a0f
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A831E070924342DEFF35CF34A80CBB637E8AB11350F54056DE466C21A0E3F0AAA4CB21
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0029C21E,00000000), ref: 0029CF38
                                                                                                                                                                                                                                                                                                                                                              • InternetReadFile.WININET(?,00000000,?,?), ref: 0029CF6F
                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,?,?,?,0029C21E,00000000), ref: 0029CFB4
                                                                                                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(?,?,00000000,?,?,?,0029C21E,00000000), ref: 0029CFC8
                                                                                                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(?,?,00000000,?,?,?,0029C21E,00000000), ref: 0029CFF2
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3191363074-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: c60d0f257c04f5c24db19f6007dd9a2fc91751f120873a2fac7568abaf268520
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 04bf6a2ca544a33dee44ed5a226bb86f821c514e95b789d5d81922fd62447912
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c60d0f257c04f5c24db19f6007dd9a2fc91751f120873a2fac7568abaf268520
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BB315EB1920206EFDF20DFA5D9889ABBBF9EF14350B20442FF506D2551DB30AE50DB60
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00281915
                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(00000001,00000201,00000001), ref: 002819C1
                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,?,?), ref: 002819C9
                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(00000001,00000202,00000000), ref: 002819DA
                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,?,?,?), ref: 002819E2
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3382505437-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 41f76b9e6c0bea590852b47c4951a26aa7c77987e4524a2fb874fa958517831a
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c4d460bc1638b9f770c316215482a62b0d63feb1277a99551fe958143a74e534
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 41f76b9e6c0bea590852b47c4951a26aa7c77987e4524a2fb874fa958517831a
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A31F175910219EFCB04CFA8DC88AEE3BB9EB44314F104325F961A72D0C3B09961CB90
APIs
• SendMessageW.USER32(?,00001053,000000FF,?), ref: 002B5745
• SendMessageW.USER32(?,00001074,?,00000001), ref: 002B579D
• _wcslen.LIBCMT ref: 002B57AF
• _wcslen.LIBCMT ref: 002B57BA
• SendMessageW.USER32(?,00001002,00000000,?), ref: 002B5816
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: MessageSend$_wcslen
• String ID:
• API String ID: 763830540-0
APIs
• IsWindow.USER32(00000000), ref: 002A0951
• GetForegroundWindow.USER32 ref: 002A0968
• GetDC.USER32(00000000), ref: 002A09A4
• GetPixel.GDI32(00000000,?,00000003), ref: 002A09B0
• ReleaseDC.USER32(00000000,00000003), ref: 002A09E8
Similarity
• API ID: Window$ForegroundPixelRelease
• String ID:
• API String ID: 4156661090-0
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 0025CDC6
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0025CDE9
  • Part of subcall function 00253820: RtlAllocateHeap.NTDLL(00000000,?,002F1444,?,0023FDF5,?,?,0022A976,00000010,002F1440,002213FC,?,002213C6,?,00221129), ref: 00253852
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0025CE0F
• _free.LIBCMT ref: 0025CE22
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0025CE31
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
APIs
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00239693
• SelectObject.GDI32(?,00000000), ref: 002396A2
• BeginPath.GDI32(?), ref: 002396B9
• SelectObject.GDI32(?,00000000), ref: 002396E2
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: 9584fab8e47dd395ce5c864e015535301058d29aab809fd36a14bd7fc8abb076
• Instruction ID: 0d08cc0fb945da646d9eaf57eb9237d74145f71694b6282dc2fa487df5c8f995
• Opcode Fuzzy Hash: 9584fab8e47dd395ce5c864e015535301058d29aab809fd36a14bd7fc8abb076
• Instruction Fuzzy Hash: 342160B082224AEBDB119F29FC1D7B93B6CBB117A5F504225F414A61A0D3F098B1CFD0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
• Opcode ID: b63e0b020210d9c72265cc327c3ab0d2086fd519a850b8aff002d5086b5b4830
• Instruction ID: 348b2b0faea85cca48f136011402f3fe48718256b685254306817db96ca2ba9a
• Opcode Fuzzy Hash: b63e0b020210d9c72265cc327c3ab0d2086fd519a850b8aff002d5086b5b4830
• Instruction Fuzzy Hash: 9401B9696B2615BBE20CA910DE42FFBB75C9B25394F448031FD049A2C1F760ED7087A4
APIs
• GetLastError.KERNEL32(?,?,?,0024F2DE,00253863,002F1444,?,0023FDF5,?,?,0022A976,00000010,002F1440,002213FC,?,002213C6), ref: 00252DFD
• _free.LIBCMT ref: 00252E32
• _free.LIBCMT ref: 00252E59
• SetLastError.KERNEL32(00000000,00221129), ref: 00252E66
• SetLastError.KERNEL32(00000000,00221129), ref: 00252E6F
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
• Opcode ID: 3425ba5f23bf39e712e80b6c2e078cb2a38e10fbe1846e2e1f6e4196ac4eae6e
• Instruction ID: d2427e307dad7fdf2ef2dcdd4d842d34696fc833384180448d1ac3bc47b23470
• Opcode Fuzzy Hash: 3425ba5f23bf39e712e80b6c2e078cb2a38e10fbe1846e2e1f6e4196ac4eae6e
• Instruction Fuzzy Hash: E901F932175A01E7C6126B747C8BD2B2659ABD33A7B344129FC25E22D3EE70AC3D4528
APIs
• CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0027FF41,80070057,?,?,?,0028035E), ref: 0028002B
• ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0027FF41,80070057,?,?), ref: 00280046
• lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0027FF41,80070057,?,?), ref: 00280054
• CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0027FF41,80070057,?), ref: 00280064
• CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0027FF41,80070057,?,?), ref: 00280070
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: From$Prog$FreeStringTasklstrcmpi
• String ID:
• API String ID: 3897988419-0
• Opcode ID: a2083c27ebc939bbf88e1e6e3787ac091133ad83afae559c6401c7dbae497b78
• Instruction ID: 8f4a8d01c39ac0be13e7af29a5af86f1eee13acd0624507203aeaa251b7e2845
• Opcode Fuzzy Hash: a2083c27ebc939bbf88e1e6e3787ac091133ad83afae559c6401c7dbae497b78
• Instruction Fuzzy Hash: BB01267A611214FFDB515FA8EC88BAA7BFDEF44352F244224F805D2250D771DD049BA0
APIs
• QueryPerformanceCounter.KERNEL32(?), ref: 0028E997
• QueryPerformanceFrequency.KERNEL32(?), ref: 0028E9A5
• Sleep.KERNEL32(00000000), ref: 0028E9AD
• QueryPerformanceCounter.KERNEL32(?), ref: 0028E9B7
• Sleep.KERNEL32 ref: 0028E9F3
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 1a8acac1279d190ceea47aeab0a9fb688d3265208206c60cc6df9bd7619239c2
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3d0d86988b0dd15912183d927784d62fafd17c48d20ed25d3d4616f805f64ef0
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1a8acac1279d190ceea47aeab0a9fb688d3265208206c60cc6df9bd7619239c2
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EC016D35C22529DBCF00AFE8EC4D6DDBB78FF08301F110656E942B2180CB709564CB62
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00281114
                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,?,?,00280B9B,?,?,?), ref: 00281120
                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00280B9B,?,?,?), ref: 0028112F
                                                                                                                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00280B9B,?,?,?), ref: 00281136
                                                                                                                                                                                                                                                                                                                                                              • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0028114D
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 842720411-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 286891890a9d71a58584e20db3ea77757374e6cef03d38e06bf4d1d3ee14b280
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: f4ea56d67171f7d2dc4c0bff51df7479e04be9547e7d210ee0ea9600ed4d2c1f
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 286891890a9d71a58584e20db3ea77757374e6cef03d38e06bf4d1d3ee14b280
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CF018179101205BFDB115F64EC4DEAA3F6EEF85360B204425FA45D3390DB31DC109B60
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00280FCA
                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00280FD6
                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00280FE5
                                                                                                                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00280FEC
                                                                                                                                                                                                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00281002
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ac6cbeaa3a0e6d3b335164bc05ddfba23d44a7b2c6d7c4648a161479dd8232c7
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a7148da38a975cd2aa4fbfe89932f2dce981293d98cfb25aa97168fc64f54a9a
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ac6cbeaa3a0e6d3b335164bc05ddfba23d44a7b2c6d7c4648a161479dd8232c7
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 35F0C279101301EBD7212FA4EC4DF563BADEF89761F204425FD09D7290CA30DC508B60
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0028102A
                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00281036
                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00281045
                                                                                                                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0028104C
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00281062
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: afe80ba2a4a5c21f42a99dffe63235604d47cc4a4ec9a2e8a0915003ac971214
• Instruction ID: 2946468a0922ba78fa7a0fd717c7d3764de37cfb9424234fd4d4d0fcf9924bf7
• Opcode Fuzzy Hash: afe80ba2a4a5c21f42a99dffe63235604d47cc4a4ec9a2e8a0915003ac971214
• Instruction Fuzzy Hash: A8F0CD79201312EBDB212FA8EC4CF573BADEF89761F200425FE09D7291CA30D8608B60
APIs
• CloseHandle.KERNEL32(?,?,?,?,0029017D,?,002932FC,?,00000001,00262592,?), ref: 00290324
• CloseHandle.KERNEL32(?,?,?,?,0029017D,?,002932FC,?,00000001,00262592,?), ref: 00290331
• CloseHandle.KERNEL32(?,?,?,?,0029017D,?,002932FC,?,00000001,00262592,?), ref: 0029033E
• CloseHandle.KERNEL32(?,?,?,?,0029017D,?,002932FC,?,00000001,00262592,?), ref: 0029034B
• CloseHandle.KERNEL32(?,?,?,?,0029017D,?,002932FC,?,00000001,00262592,?), ref: 00290358
• CloseHandle.KERNEL32(?,?,?,?,0029017D,?,002932FC,?,00000001,00262592,?), ref: 00290365
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
• Opcode ID: 57b624b10f7ce1235eb469247b845ef2db406d17dbf29c589a354c46c6cd6092
• Instruction ID: c4357eff34d4cad67b2ae1936cd2367e4ed056a8e9b7c18b6ce2c7823b167c86
• Opcode Fuzzy Hash: 57b624b10f7ce1235eb469247b845ef2db406d17dbf29c589a354c46c6cd6092
• Instruction Fuzzy Hash: F801AE72810B1A9FCB30AF66D8C0816FBF9BF603153158A7FD19652931C3B1A968DF84
APIs
• _free.LIBCMT ref: 0025D752
  • Part of subcall function 002529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0025D7D1,00000000,00000000,00000000,00000000,?,0025D7F8,00000000,00000007,00000000,?,0025DBF5,00000000), ref: 002529DE
  • Part of subcall function 002529C8: GetLastError.KERNEL32(00000000,?,0025D7D1,00000000,00000000,00000000,00000000,?,0025D7F8,00000000,00000007,00000000,?,0025DBF5,00000000,00000000), ref: 002529F0
• _free.LIBCMT ref: 0025D764
• _free.LIBCMT ref: 0025D776
• _free.LIBCMT ref: 0025D788
• _free.LIBCMT ref: 0025D79A
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: e4ce31c8b12759628ea500673370b75b27713b77ac407b75ed616ceb06079c06
• Instruction ID: f5405337d6cd145b878048215df7a735b8a58ddd154b0bc6d8cdbda7731980fc
• Opcode Fuzzy Hash: e4ce31c8b12759628ea500673370b75b27713b77ac407b75ed616ceb06079c06
• Instruction Fuzzy Hash: 45F06832560249EB8635EF54F9C5C56BBDDBB093127B41805F848E7542C730FC988A68
APIs
• GetDlgItem.USER32(?,000003E9), ref: 00285C58
• GetWindowTextW.USER32(00000000,?,00000100), ref: 00285C6F
• MessageBeep.USER32(00000000), ref: 00285C87
• KillTimer.USER32(?,0000040A), ref: 00285CA3
• EndDialog.USER32(?,00000001), ref: 00285CBD
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
• Opcode ID: ac3a9bbec0a1b7b6187ea3320b7fda289a158a72c01ee83554c20b189ac8d48f
• Instruction ID: 273f377e3eaa33bac6c118050bc33fe5c462869f0a7450e0031f05ab7d55e7ef
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ac3a9bbec0a1b7b6187ea3320b7fda289a158a72c01ee83554c20b189ac8d48f
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 59018134511B14ABFB216F10ED4EFA677BCBB00B05F00166AB583A14E1DBF4A9A48F90
APIs
• _free.LIBCMT ref: 002522BE
  • Part of subcall function 002529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0025D7D1,00000000,00000000,00000000,00000000,?,0025D7F8,00000000,00000007,00000000,?,0025DBF5,00000000), ref: 002529DE
  • Part of subcall function 002529C8: GetLastError.KERNEL32(00000000,?,0025D7D1,00000000,00000000,00000000,00000000,?,0025D7F8,00000000,00000007,00000000,?,0025DBF5,00000000,00000000), ref: 002529F0
• _free.LIBCMT ref: 002522D0
• _free.LIBCMT ref: 002522E3
• _free.LIBCMT ref: 002522F4
• _free.LIBCMT ref: 00252305
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 1db071fca0244fec60901206ea7ddc69d41dabb79f04b4371dcf519500ff9879
• Instruction ID: 879c9efd148be99a1362aadb72df5063d7a5c7b01ea13e60e1daa61de81c8d0e
• Opcode Fuzzy Hash: 1db071fca0244fec60901206ea7ddc69d41dabb79f04b4371dcf519500ff9879
• Instruction Fuzzy Hash: EDF054B4460121DB8713AF94BC498A83B64F7197B2B601626FC14E63F2CB31043ADFE8
APIs
• EndPath.GDI32(?), ref: 002395D4
• StrokeAndFillPath.GDI32(?,?,002771F7,00000000,?,?,?), ref: 002395F0
• SelectObject.GDI32(?,00000000), ref: 00239603
• DeleteObject.GDI32 ref: 00239616
• StrokePath.GDI32(?), ref: 00239631
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Path$ObjectStroke$DeleteFillSelect
• String ID:
• API String ID: 2625713937-0
• Opcode ID: a438505f8152d24eff81daae2c0aba1b7ea8cb0203913efaec1c7a080898f79a
• Instruction ID: 49d1915aadc830d853fa4a09f3fbfee186086769c5a5fb60c75af54bc7f1eee8
• Opcode Fuzzy Hash: a438505f8152d24eff81daae2c0aba1b7ea8cb0203913efaec1c7a080898f79a
• Instruction Fuzzy Hash: A6F01930026249EBDB126F69FD1C7793B65AB113B2F548324F469550F0C7B089B5DFA0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: __freea$_free
• String ID: a/p$am/pm
• API String ID: 3432400110-3206640213
• Opcode ID: 9f84cf6e46497aa6764927e8908b7a7932702da719733053900909016500f8eb
• Instruction ID: b3c03a4479d511ba6da97e41bd5606c36e35f67fff374cf9496672bcdd7ccb7d
• Opcode Fuzzy Hash: 9f84cf6e46497aa6764927e8908b7a7932702da719733053900909016500f8eb
• Instruction Fuzzy Hash: B6D1F531930207EACB249F68C8A5BFAB7B0FF05702F244199ED059B650D3759DB8CB99
APIs
  • Part of subcall function 00240242: EnterCriticalSection.KERNEL32(002F070C,002F1884,?,?,0023198B,002F2518,?,?,?,002212F9,00000000), ref: 0024024D
  • Part of subcall function 00240242: LeaveCriticalSection.KERNEL32(002F070C,?,0023198B,002F2518,?,?,?,002212F9,00000000), ref: 0024028A
  • Part of subcall function 002400A3: __onexit.LIBCMT ref: 002400A9
• __Init_thread_footer.LIBCMT ref: 002A6238
  • Part of subcall function 002401F8: EnterCriticalSection.KERNEL32(002F070C,?,?,00238747,002F2514), ref: 00240202
  • Part of subcall function 002401F8: LeaveCriticalSection.KERNEL32(002F070C,?,00238747,002F2514), ref: 00240235
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0029359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 002935E4
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0029359C: LoadStringW.USER32(002F2390,?,00000FFF,?), ref: 0029360A
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
                                                                                                                                                                                                                                                                                                                                                              • String ID: x#/$x#/$x#/
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1072379062-3600581103
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ff67f24447bc04dd187d43e6c17680d5b5453c5c328f0e5cedb5a8765f4fbae8
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 7d29373aa3a85645da91d9b49d3b1aea3781c16bcd76fb7116b8f524448a6f09
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ff67f24447bc04dd187d43e6c17680d5b5453c5c328f0e5cedb5a8765f4fbae8
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 56C1B371A2010AAFDB14DF98C894EBEB7B9FF49310F148069F9059B291DB70ED65CB90
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                              • String ID: JO"
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 0-550355754
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 070a17d10a6c071d0bf8ba95c25965022680de6810bfc3b5af9d33cb7e4671ad
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: fc98933ac9fb4ef9b82b627cd50da5ac9dec6d0235f7c4d4b21f7dd49dff68a2
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 070a17d10a6c071d0bf8ba95c25965022680de6810bfc3b5af9d33cb7e4671ad
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AB510671D3062A9FCF10DFA4C959FAE7BB4AF45316F10005AFC04A7291C7719929CB69
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 00258B6E
                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 00258B7A
                                                                                                                                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00258B81
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                                                                                                                                                                                                                                                                                                                                              • String ID: .$
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2434981716-2510666271
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5c3309bacc8d386d2c3ed3a8b2f258d362d040f7ed06f3360438e1d86ce5c571
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 1b766f853f4f32b5671cb9a430466e06682508a221e15305842aa49513cee003
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5c3309bacc8d386d2c3ed3a8b2f258d362d040f7ed06f3360438e1d86ce5c571
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2941A070634045AFD7249F14D884A797FE9DB85305F2841A9FC88E7552DDB1CC268798
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0028B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,002821D0,?,?,00000034,00000800,?,00000034), ref: 0028B42D
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00282760
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0028B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,002821FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0028B3F8
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0028B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0028B355
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0028B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00282194,00000034,?,?,00001004,00000000,00000000), ref: 0028B365
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0028B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00282194,00000034,?,?,00001004,00000000,00000000), ref: 0028B37B
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 002827CD
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0028281A
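The API chain listed for the function at 00282760 (GetWindowThreadProcessId, OpenProcess with desired access 0x438, VirtualAllocEx with MEM_COMMIT and PAGE_READWRITE, WriteProcessMemory, SendMessageW, ReadProcessMemory) is exactly what a remote-memory heuristic keys on, but the message IDs separate it from code injection: 0x1104 is TVM_GETITEMRECT and 0x1111 is TVM_HITTEST (TV_FIRST + 4 and TV_FIRST + 17 in commctrl.h), and the 00001073 and 00001004 values left in the caller frames are LVM_GETITEMTEXTW and LVM_GETITEMCOUNT. These messages take a pointer to a struct that must live in the target process, so the caller commits read/write memory there, copies the struct in, sends the message and reads the result back; that is consistent with the compiled-AutoIt finding in the overview, since AutoIt's ControlTreeView/ControlListView built-ins marshal their structs this way. The Python below is added here as an example; it is not part of the Joe Sandbox report or of the sample. It parses API lines in the report's format, decodes the OpenProcess access mask and the VirtualAllocEx protection, and applies a triage heuristic of my own (not a Joe Sandbox rule): remote memory committed executable, or followed by a remote-thread API, is flagged as possible injection; a read/write round trip around common-control messages is labelled cross-process control marshaling. The sample input is the API lines of this function copied from the listing above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the "APIs" lines of function 00282760 and its subcalls,
# copied from the Joe Sandbox listing above.
SAMPLE_API_LINES = """
• Part of subcall function 0028B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,002821D0,?,?,00000034,00000800,?,00000034), ref: 0028B42D
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00282760
• Part of subcall function 0028B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,002821FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0028B3F8
• Part of subcall function 0028B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0028B355
• Part of subcall function 0028B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00282194,00000034,?,?,00001004,00000000,00000000), ref: 0028B365
• Part of subcall function 0028B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00282194,00000034,?,?,00001004,00000000,00000000), ref: 0028B37B
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 002827CD
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0028281A
"""

@dataclass
class ApiCall:
    name: str
    module: str
    args: List[Optional[int]]   # None where the report printed '?' (value unknown statically)
    ref: int                    # address of the call site

# Name.MODULE(arg,arg,...), ref: ADDRESS  -- LIBCMT lines without parentheses are skipped.
LINE_RE = re.compile(r'(\w+)\.(\w+)\(([^)]*)\), ref: ([0-9A-Fa-f]+)')

def parse_api_lines(text: str) -> List[ApiCall]:
    calls = []
    for m in LINE_RE.finditer(text):
        name, module, raw_args, ref = m.groups()
        args = [None if a.strip() == '?' else int(a, 16)
                for a in raw_args.split(',') if a.strip()]
        calls.append(ApiCall(name, module, args, int(ref, 16)))
    return calls

# Process access rights from winnt.h.
PROCESS_ACCESS = {
    0x0001: "PROCESS_TERMINATE", 0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION", 0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE", 0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS", 0x0100: "PROCESS_SET_QUOTA",
    0x0200: "PROCESS_SET_INFORMATION", 0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME", 0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
PAGE_EXECUTE_MASK = 0x10 | 0x20 | 0x40 | 0x80   # PAGE_EXECUTE* protections
# Common-control messages seen in this listing (commctrl.h: LVM_FIRST=0x1000, TV_FIRST=0x1100).
CONTROL_MESSAGES = {
    0x1004: "LVM_GETITEMCOUNT", 0x1073: "LVM_GETITEMTEXTW",
    0x1104: "TVM_GETITEMRECT", 0x1111: "TVM_HITTEST",
}
# APIs that would turn a remote write into execution (assumed list for the heuristic).
INJECTION_THREAD_APIS = {"CreateRemoteThread", "NtCreateThreadEx", "RtlCreateUserThread", "QueueUserAPC"}

def decode_process_access(mask: int) -> List[str]:
    """Expand an OpenProcess dwDesiredAccess mask into named rights, keeping unknown bits as hex."""
    names = [n for bit, n in sorted(PROCESS_ACCESS.items()) if mask & bit]
    leftover = mask & ~sum(PROCESS_ACCESS)
    if leftover:
        names.append(f"0x{leftover:X}")
    return names

def triage(calls: List[ApiCall]) -> Dict[str, object]:
    """Heuristic of my own: classify a remote-memory API chain from one function."""
    by_name = {c.name for c in calls}
    access: List[str] = []
    for c in calls:
        if c.name == "OpenProcess" and c.args and c.args[0] is not None:
            access = decode_process_access(c.args[0])
    # VirtualAllocEx(hProcess, lpAddress, dwSize, flAllocationType, flProtect): flProtect is args[4].
    exec_alloc = any(c.name == "VirtualAllocEx" and len(c.args) > 4 and c.args[4] is not None
                     and c.args[4] & PAGE_EXECUTE_MASK for c in calls)
    # SendMessageW(hWnd, Msg, wParam, lParam): Msg is args[1].
    messages = [CONTROL_MESSAGES.get(c.args[1], f"0x{c.args[1]:04X}")
                for c in calls if c.name == "SendMessageW" and len(c.args) > 1 and c.args[1] is not None]
    remote_rw = {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory"} <= by_name
    if remote_rw and (exec_alloc or by_name & INJECTION_THREAD_APIS):
        verdict = "possible remote code injection"
    elif remote_rw and "ReadProcessMemory" in by_name and any(m in CONTROL_MESSAGES.values() for m in messages):
        verdict = "cross-process control marshaling"
    else:
        verdict = "unclassified"
    return {"verdict": verdict, "open_process_access": access,
            "executable_remote_alloc": exec_alloc, "messages": messages}

if __name__ == "__main__":
    result = triage(parse_api_lines(SAMPLE_API_LINES))
    for k, v in result.items():
        print(f"{k}: {v}")
```

Run as-is it reports the 0x438 mask as PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_QUERY_INFORMATION, no executable remote allocation, the two TreeView messages, and the marshaling verdict; flipping the protection in the VirtualAllocEx line to 0x40 (PAGE_EXECUTE_READWRITE) flips the verdict to possible injection, which is the distinction the raw signature list in the overview does not draw. To triage a whole report, feed each function's APIs block through the same parser rather than the single block embedded here.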
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: fbeba701c755507ead8c17e357e773650112b24177892f4ba00ebdfc8f009a42
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 18c972625f869d49538a7c42df05179a25e8bfc0d6f562ed937237a56016ebd5
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fbeba701c755507ead8c17e357e773650112b24177892f4ba00ebdfc8f009a42
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C7412C76901218BFDB11EFA4CD55ADEBBB8AB09300F104099EA55B7181DA706E59CB60
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00251769
                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00251834
                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0025183E
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2506810119-3695852857
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 1c555aa3d0fa39a49d61b38a44be9792d1367b26a7182a8dca377e4931c39042
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 318bf7dc5525e789616a4f8de4890e2c4165ce94e0d878929119a7b4fef9d69d
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1c555aa3d0fa39a49d61b38a44be9792d1367b26a7182a8dca377e4931c39042
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7631C475A10218EFDB21DF99DC85EAEBBFCEB85351B104166FC0497211D7B04E68CB94
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0028C306
                                                                                                                                                                                                                                                                                                                                                              • DeleteMenu.USER32(?,00000007,00000000), ref: 0028C34C
                                                                                                                                                                                                                                                                                                                                                              • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,002F1990,01284B38), ref: 0028C395
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Menu$Delete$InfoItem
                                                                                                                                                                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 135850232-4108050209
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4ad26a61523a1aaedfe9e627a9009599c1dad87b0d125b00d230bf136bb9765c
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0a0b758ae284db2889fa93cb7174c646420c1cf153d8e3b45f021fa177dd9fa1
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4ad26a61523a1aaedfe9e627a9009599c1dad87b0d125b00d230bf136bb9765c
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0041F5352153029FD720EF24D884B1ABBE4FF85310F2086ADF8A5972D1C730E855CB62
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,002BCC08,00000000,?,?,?,?), ref: 002B44AA
                                                                                                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32 ref: 002B44C7
                                                                                                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 002B44D7
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
• Opcode ID: 8016e7f9b2a9547f2ec87e7ac681f9af494cf37eed5bf759a8f844d066dbc015
• Instruction ID: 7f4c8017a55dcc7bfdb56e76dae527cc6d635e94cfa5cdc1b436736301516bd9
• Opcode Fuzzy Hash: 8016e7f9b2a9547f2ec87e7ac681f9af494cf37eed5bf759a8f844d066dbc015
• Instruction Fuzzy Hash: C0318F71220606AFDB209E78DC85BEA77A9EB09374F204725F975921D1D770EC709B50
APIs
• SysReAllocString.OLEAUT32(?,?), ref: 00286EED
• VariantCopyInd.OLEAUT32(?,?), ref: 00286F08
• VariantClear.OLEAUT32(?), ref: 00286F12
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Variant$AllocClearCopyString
• String ID: *j(
• API String ID: 2173805711-1614557683
• Opcode ID: 75a112fa08e0058e9531dd6db721ebdaeb3d558d6de32a3499cf6b0a46be6612
• Instruction ID: 23a49c443b5102db50a99d7276740a83b78cb9a0b3a284464cc3c039c199a773
• Opcode Fuzzy Hash: 75a112fa08e0058e9531dd6db721ebdaeb3d558d6de32a3499cf6b0a46be6612
• Instruction Fuzzy Hash: E731AF76625255EBCB05BFA4E8589BE3776EF98300B2004A8FA034B6E1C770D931DB90
APIs
• Part of subcall function 002A335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,002A3077,?,?), ref: 002A3378
• inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 002A307A
• _wcslen.LIBCMT ref: 002A309B
• htons.WSOCK32(00000000,?,?,00000000), ref: 002A3106
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ByteCharMultiWide_wcslenhtonsinet_addr
• String ID: 255.255.255.255
• API String ID: 946324512-2422070025
• Opcode ID: 10fbde197a5be618ceaebab2b765704e3d4e6529f7c69f03c86280d163b5e811
• Instruction ID: be83a9a17d019c9f778eaa8e5f58a69106ea5692445836b60dc238211381053e
• Opcode Fuzzy Hash: 10fbde197a5be618ceaebab2b765704e3d4e6529f7c69f03c86280d163b5e811
• Instruction Fuzzy Hash: 6931E7352142069FCB10CF68C485EA977E0EF16314F248159F9158B392DF72DE55CB60
APIs
• SendMessageW.USER32(00000000,00001009,00000000,?), ref: 002B3F40
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 002B3F54
• SendMessageW.USER32(?,00001002,00000000,?), ref: 002B3F78
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: MessageSend$Window
• String ID: SysMonthCal32
• API String ID: 2326795674-1439706946
• Opcode ID: 2495235846949108b37cda0786c7cb083545c6007bd96a6e55425e6bd064f6fb
• Instruction ID: baddf80814f95c8e13d660bd2b75191ee73756e95040d099e563474da0dd0054
• Opcode Fuzzy Hash: 2495235846949108b37cda0786c7cb083545c6007bd96a6e55425e6bd064f6fb
• Instruction Fuzzy Hash: 4021BF32620219BBDF25CF90DC46FEA3B79EF48754F110214FA556B1D0D6B1A960CB90
APIs
• SendMessageW.USER32(00000000,00000469,?,00000000), ref: 002B4705
• SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 002B4713
• DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 002B471A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                                                                                                              • String ID: msctls_updown32
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 6ec916597fbdafd9f25da7f00f1ab090f438d0b50d91dfbe6b15ff9832d79f63
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a8ff30032c5d1f9cf7ad78816f4c1ac472907de7353858e0bfe70063f222d133
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6ec916597fbdafd9f25da7f00f1ab090f438d0b50d91dfbe6b15ff9832d79f63
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EC2171B5610209AFDB10EF68ECC5DB777ADEF5A3A4B140059FA009B251CB71EC61DA60
APIs
Strings
Similarity
• API ID: _wcslen
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
• API String ID: 176396367-2734436370
• Opcode ID: a3c5fd9918a2b51ff15ac18d401d6a2d43b25f69378e2161b03544ecf19c9bc4
• Instruction ID: 78b74ed17c47b6b00d6d46c97cfcc46786b901819325b3346299f2c5798b35e9
• Opcode Fuzzy Hash: a3c5fd9918a2b51ff15ac18d401d6a2d43b25f69378e2161b03544ecf19c9bc4
• Instruction Fuzzy Hash: A421683623553266D335BE289C02FBB739C9F51300F484026FA49970C1FB94ADB1C791
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 002B3840
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 002B3850
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 002B3876
Strings
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
• Opcode ID: 3364ee6e7996df79cd66174c39be469ef249255d08b2bf4801457fe779109b7f
• Instruction ID: 71329f56b634007f88d31315ee2291d1580c1bd2d6f942c8d91f4e7d17d73954
• Opcode Fuzzy Hash: 3364ee6e7996df79cd66174c39be469ef249255d08b2bf4801457fe779109b7f
• Instruction Fuzzy Hash: BF21B072620119BBEB11CF54DC45EFB776EEF897A0F108124F9449B190CA71DC619BA0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00294A08
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00294A5C
• SetErrorMode.KERNEL32(00000000,?,?,002BCC08), ref: 00294AD0
Strings
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
• API String ID: 2507767853-685833217
• Opcode ID: 68348fa222ae011e24610c84ca9bb0614395fa15d62b8eea3bb3ee33584eb8d1
• Instruction ID: b1b01281c298c0e3fb795d519c50b44bc3433b9503c71c7b838184f9e70f8d80
• Opcode Fuzzy Hash: 68348fa222ae011e24610c84ca9bb0614395fa15d62b8eea3bb3ee33584eb8d1
• Instruction Fuzzy Hash: DB317375A10109AFDB10DF54D885EAABBF8EF08308F1440A5F909EB252D771EE56CF61
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 002B424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 002B4264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 002B4271
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
• Opcode ID: c39af8d68845d679adbe3b2e30ee78bce1942abc604fd87b057f1042717dd6e7
• Instruction ID: fe5c39c34d2e8a5429f3b68ce72b2e0348a82f9161b7fb4737ce9f3de5a135ce
• Opcode Fuzzy Hash: c39af8d68845d679adbe3b2e30ee78bce1942abc604fd87b057f1042717dd6e7
• Instruction Fuzzy Hash: 2A11E331260248BEEF206E69CC46FEB3BACEF95BA4F110124FA55E2091D2B1DC219B50
APIs
  • Part of subcall function 00226B57: _wcslen.LIBCMT ref: 00226B6A
  • Part of subcall function 00282DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00282DC5
  • Part of subcall function 00282DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00282DD6
  • Part of subcall function 00282DA7: GetCurrentThreadId.KERNEL32 ref: 00282DDD
  • Part of subcall function 00282DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00282DE4
• GetFocus.USER32 ref: 00282F78
  • Part of subcall function 00282DEE: GetParent.USER32(00000000), ref: 00282DF9
• GetClassNameW.USER32(?,?,00000100), ref: 00282FC3
• EnumChildWindows.USER32(?,0028303B), ref: 00282FEB
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
• API String ID: 1272988791-1110647743
• Opcode ID: 36f9a592bde85d5480e29613296d8fd6c66c9670882ca3f7c911d8cf482e29b4
• Instruction ID: e7e5793ea22d1fbdc9e8817fe599dcbd62a5f962498ed60ce38496c12049b010
• Opcode Fuzzy Hash: 36f9a592bde85d5480e29613296d8fd6c66c9670882ca3f7c911d8cf482e29b4
• Instruction Fuzzy Hash: 84110679620205ABCF10BF709C89EED376AAF84304F144075FD09AB192DE3099298F70
APIs
• CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0028D682
• DeviceIoControl.KERNEL32(00000000,t*.,00000007,0000000C,?,0000000C,?,00000000), ref: 0028D6BF
• CloseHandle.KERNEL32(00000000,?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0028D6C8
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: CloseControlCreateDeviceFileHandle
• String ID: t*.
• API String ID: 33631002-520411257
• Opcode ID: 88ee042839d0096aa2430e3a0663df5f2dba3fe42df587b96fc3171b829d8e07
• Instruction ID: 92c9003f704a31d4ecb0ec2cd77dd2c46a5bdbcb8fd0dd7d2736a365261ee02c
• Opcode Fuzzy Hash: 88ee042839d0096aa2430e3a0663df5f2dba3fe42df587b96fc3171b829d8e07
• Instruction Fuzzy Hash: 560175B1D11229BBE710ABADEC49FAFBBBCEB08750F104655B914F71D0D2B45A0587E0
APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 002B58C1
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 002B58EE
• DrawMenuBar.USER32(?), ref: 002B58FD
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4670f3d8d316b2076063689390e1c3ddd27a9f3d10298ac85ce716d2380b64b8
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9e9ff5510d127657e165b3e28af9207c03687fa0e81b8304fca592b79b545c91
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4670f3d8d316b2076063689390e1c3ddd27a9f3d10298ac85ce716d2380b64b8
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8301A171520219EFDB209F11EC44BEEBBB4FF453A0F148099E848DA151DB308AA0DF60
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7a71b7bc047dc2af94d894793776d66fd9686765098c8fa50c9397e52f417757
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 7170190a6fb7c7a944cdf327ba473cfcfb90c2507670177451d6279e14a817a1
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7a71b7bc047dc2af94d894793776d66fd9686765098c8fa50c9397e52f417757
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3DC18D79A11206EFDB54DF94C888BAEB7B5FF48314F208598E805EB291C770EE55CB90
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1998397398-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 01725a5d8e27fbe29f9918a018fa193ab3b5f86949c971c3648ed86b120eefe0
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 72b1e6fadffc94c8d01bb264425b9399bdb08f09ce4660d948f320f08d33780d
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 01725a5d8e27fbe29f9918a018fa193ab3b5f86949c971c3648ed86b120eefe0
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A8A16A75624310AFC700DF68C585A2AB7E4FF89710F148859F98A9B362DB30EE20CF91
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,002BFC08,?), ref: 002805F0
                                                                                                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,002BFC08,?), ref: 00280608
                                                                                                                                                                                                                                                                                                                                                              • CLSIDFromProgID.OLE32(?,?,00000000,002BCC40,000000FF,?,00000000,00000800,00000000,?,002BFC08,?), ref: 0028062D
                                                                                                                                                                                                                                                                                                                                                              • _memcmp.LIBVCRUNTIME ref: 0028064E
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                                                                                              • String ID:
• API String ID: 314563124-0
• Opcode ID: 070c96e79efa718b309f45aa09b0daa78ec06b412de85596c4534b1732eacd19
• Instruction ID: 4cb4b4619ba70954d729eaa700b8bf82fa29c2f025532e01c66c43874eaa1f92
• Opcode Fuzzy Hash: 070c96e79efa718b309f45aa09b0daa78ec06b412de85596c4534b1732eacd19
• Instruction Fuzzy Hash: B3815B75A10109EFCB04DF94C984EEEB7B9FF89305F244158E506AB290DB71AE1ACF60
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 002AA6AC
• Process32FirstW.KERNEL32(00000000,?), ref: 002AA6BA
  • Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
• Process32NextW.KERNEL32(00000000,?), ref: 002AA79C
• CloseHandle.KERNEL32(00000000), ref: 002AA7AB
  • Part of subcall function 0023CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00263303,?), ref: 0023CE8A
(This is the Toolhelp32 process-walk pattern: take a process snapshot, iterate it with Process32FirstW/Process32NextW, compare each entry's name with CompareStringW, then close the snapshot handle.)
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
• String ID:
• API String ID: 1991900642-0
• Opcode ID: 5e27c8733c34fb7e3568517c2f4e4db81749c75c40c45dde5034c783ed06e4df
• Instruction ID: e7de5e72e17e8193c089585242a63f0d029def0dae2a2ece6a7103cd45a656f8
• Opcode Fuzzy Hash: 5e27c8733c34fb7e3568517c2f4e4db81749c75c40c45dde5034c783ed06e4df
• Instruction Fuzzy Hash: DC517CB1518310AFD310EF64D886A6BBBE8FF89714F40492DF58997262EB30D914CF92
APIs
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: 647b50c0b2fea58a0558fd7b7ed99e5233826e14cf1a29cf01d1e21807605ba0
• Instruction ID: cdd168c13b6c6c4bffc6e2b4666c458825e863241bdb439391a41c98150454f2
• Opcode Fuzzy Hash: 647b50c0b2fea58a0558fd7b7ed99e5233826e14cf1a29cf01d1e21807605ba0
• Instruction Fuzzy Hash: 38416D31930111ABDB25BFB89C466BE3AA4EF41330F2C4225F819D3291EA7498F15A61
APIs
• GetWindowRect.USER32(?,?), ref: 002B62E2
• ScreenToClient.USER32(?,?), ref: 002B6315
• MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 002B6382
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
• Opcode ID: fbf7bbf6fc114743bf108511c93e78ed4fd70722e4bd49a7e4bc3cdfa86eb674
• Instruction ID: 7aeb3f1a7632d2d8418d52797f425348520faa54485f7930d810c4295648f535
• Opcode Fuzzy Hash: fbf7bbf6fc114743bf108511c93e78ed4fd70722e4bd49a7e4bc3cdfa86eb674
• Instruction Fuzzy Hash: E0515C7091020AEFDB10CF58D8889EE7BF5EF457A0F1082A9F91597290D734EDA1CB90
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 002A1AFD
• WSAGetLastError.WSOCK32 ref: 002A1B0B
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 002A1B8A
• WSAGetLastError.WSOCK32 ref: 002A1B94
(#21 is an ordinal-only import; wsock32.dll exports setsockopt at ordinal 21. The arguments decode as socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP) followed by setsockopt(s, SOL_SOCKET, SO_BROADCAST, &val, 4), i.e. a UDP socket with broadcast enabled, with WSAGetLastError checked after each call.)
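The two API lists above (the Toolhelp32 process walk and the UDP socket setup) are the kind of chain an analyst wants to pull out of a report like this automatically. The following Python script is an added triage example, not part of the Joe Sandbox report and not code from the sample: it parses API lines in the report's format, resolves the WSOCK32 ordinal import `#21` to `setsockopt` (wsock32.dll exports the BSD socket functions by ordinal), decodes the socket constants, and tags each function block with the chains it contains. The sample lines are copied from this page; the tag names, the chain definitions and the `SAMPLE_BLOCKS` grouping are my own.

```python
import re

# Constructed sample input: the API lines from the two function summaries on this page,
# copied verbatim (bullets included) and grouped per function.
SAMPLE_BLOCKS = [
    """\
• CreateToolhelp32Snapshot.KERNEL32 ref: 002AA6AC
• Process32FirstW.KERNEL32(00000000,?), ref: 002AA6BA
  • Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
• Process32NextW.KERNEL32(00000000,?), ref: 002AA79C
• CloseHandle.KERNEL32(00000000), ref: 002AA7AB
  • Part of subcall function 0023CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00263303,?), ref: 0023CE8A
""",
    """\
• socket.WSOCK32(00000002,00000002,00000011), ref: 002A1AFD
• WSAGetLastError.WSOCK32 ref: 002A1B0B
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 002A1B8A
• WSAGetLastError.WSOCK32 ref: 002A1B94
""",
]

# One report API line: optional "Part of subcall function X:" prefix, then name.MODULE,
# an optional argument list, and "ref: <address>".
API_RE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<name>#?\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# wsock32.dll exports the BSD socket functions by ordinal; the report prints
# ordinal-only imports as "#N". Subset of that table needed here.
WSOCK32_ORDINALS = {2: "bind", 4: "connect", 13: "listen", 21: "setsockopt", 23: "socket"}

AF = {2: "AF_INET", 23: "AF_INET6"}
SOCK_TYPE = {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW"}
PROTO = {0: "IPPROTO_IP", 6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}
SOL_SOCKET = 0xFFFF
SO_OPT = {0x04: "SO_REUSEADDR", 0x20: "SO_BROADCAST", 0x80: "SO_LINGER"}


def arg_int(arg):
    """Hex argument from the report, or None for an unresolved '?'."""
    return None if arg == "?" else int(arg, 16)


def parse_api_lines(text):
    """Turn the report's API lines into call records, resolving WSOCK32 ordinals."""
    calls = []
    for line in text.splitlines():
        m = API_RE.match(line)
        if not m:
            continue
        name, module = m.group("name"), m.group("module").upper()
        if name.startswith("#") and module == "WSOCK32":
            name = WSOCK32_ORDINALS.get(int(name[1:]), name)
        args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
        calls.append({"name": name, "module": module, "args": args,
                      "ref": m.group("ref"), "subcall": "Part of subcall" in line})
    return calls


def describe(call):
    """Decode socket-related constants into their symbolic names."""
    name, args = call["name"], call["args"]
    if name == "socket" and len(args) == 3:
        af, st, pr = (arg_int(a) for a in args)
        return f"socket({AF.get(af, af)}, {SOCK_TYPE.get(st, st)}, {PROTO.get(pr, pr)})"
    if name == "setsockopt" and len(args) == 5:
        level, opt, optlen = arg_int(args[1]), arg_int(args[2]), arg_int(args[4])
        level_s = "SOL_SOCKET" if level == SOL_SOCKET else level
        opt_s = SO_OPT.get(opt, opt) if level == SOL_SOCKET else opt
        return f"setsockopt({level_s}, {opt_s}, optlen={optlen})"
    return f"{name}({', '.join(args)})"


# API chains worth flagging, as ordered subsequences; each step lists accepted spellings.
CHAINS = {
    "process-enumeration": (("CreateToolhelp32Snapshot",),
                            ("Process32First", "Process32FirstW"),
                            ("Process32Next", "Process32NextW")),
    "listening-socket": (("socket",), ("bind",), ("listen",)),
}


def has_chain(calls, chain):
    """True when every step of the chain appears, in order, in the call list."""
    pos = 0
    for accepted in chain:
        while pos < len(calls) and calls[pos]["name"] not in accepted:
            pos += 1
        if pos == len(calls):
            return False
        pos += 1
    return True


def classify(text):
    """Tags for one function summary's API list."""
    calls = parse_api_lines(text)
    tags = [tag for tag, chain in CHAINS.items() if has_chain(calls, chain)]
    dgram = any(c["name"] == "socket" and len(c["args"]) == 3
                and arg_int(c["args"][1]) == 2 for c in calls)
    bcast = any(c["name"] == "setsockopt" and len(c["args"]) == 5
                and arg_int(c["args"][1]) == SOL_SOCKET and arg_int(c["args"][2]) == 0x20
                for c in calls)
    if dgram and bcast:
        tags.append("udp-broadcast-socket")
    return tags


if __name__ == "__main__":
    for block in SAMPLE_BLOCKS:
        print(", ".join(classify(block)) or "no tag")
        for c in parse_api_lines(block):
            print("   ", ("  " if c["subcall"] else "") + describe(c), "@", c["ref"])
```

Chains are matched as ordered subsequences rather than exact sequences, so unrelated calls between the steps (here the `_wcslen` and `CompareStringW` subcalls, or the `WSAGetLastError` checks) do not break the match. The ordinal table and constant maps cover only the values that appear on this page plus a few neighbours; extend them before running the script over a full report.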
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ErrorLast$socket
• String ID:
• API String ID: 1881357543-0
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00295783
• GetLastError.KERNEL32(?,00000000), ref: 002957A9
• DeleteFileW.KERNEL32(00000002,?,00000000), ref: 002957CE
• CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 002957FA
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: CreateHardLink$DeleteErrorFileLast
• String ID:
• API String ID: 3321077145-0
APIs
• MultiByteToWideChar.KERNEL32(?,00000000,?,00246D71,00000000,00000000,002482D9,?,002482D9,?,00000001,00246D71,?,00000001,002482D9,002482D9), ref: 0025D910
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0025D999
• GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0025D9AB
• __freea.LIBCMT ref: 0025D9B4
  • Part of subcall function 00253820: RtlAllocateHeap.NTDLL(00000000,?,002F1444,?,0023FDF5,?,?,0022A976,00000010,002F1440,002213FC,?,002213C6,?,00221129), ref: 00253852
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ByteCharMultiWide$AllocateHeapStringType__freea
• String ID:
• API String ID: 2652629310-0
APIs
• SendMessageW.USER32(?,00001024,00000000,?), ref: 002B5352
• GetWindowLongW.USER32(?,000000F0), ref: 002B5375
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 002B5382
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 002B53A8
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3340791633-0
APIs
• GetKeyboardState.USER32(?,7694C0D0,?,00008000), ref: 0028ABF1
• SetKeyboardState.USER32(00000080,?,00008000), ref: 0028AC0D
• PostMessageW.USER32(00000000,00000101,00000000), ref: 0028AC74
• SendInput.USER32(00000001,?,0000001C,7694C0D0,?,00008000), ref: 0028ACC6
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
APIs
• ClientToScreen.USER32(?,?), ref: 002B769A
• GetWindowRect.USER32(?,?), ref: 002B7710
• PtInRect.USER32(?,?,002B8B89), ref: 002B7720
• MessageBeep.USER32(00000000), ref: 002B778C
Similarity
• API ID: Rect$BeepClientMessageScreenWindow
• String ID:
• API String ID: 1352109105-0
APIs
• GetForegroundWindow.USER32 ref: 002B16EB
  • Part of subcall function 00283A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00283A57
  • Part of subcall function 00283A3D: GetCurrentThreadId.KERNEL32 ref: 00283A5E
  • Part of subcall function 00283A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,002825B3), ref: 00283A65
• GetCaretPos.USER32(?), ref: 002B16FF
• ClientToScreen.USER32(00000000,?), ref: 002B174C
• GetForegroundWindow.USER32 ref: 002B1752
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 12e7b109962902a4392bcdb2748e72811eaf8d7629eb6ee06d991b5137bdd747
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 6eadf65052ef6a7aadd79402509645c2ae1eca00291415f707888d7a407d8536
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 12e7b109962902a4392bcdb2748e72811eaf8d7629eb6ee06d991b5137bdd747
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0F317E71D10109AFCB00EFA9D885CEEBBF9EF48304B5480AAE415E7211EB309E55CFA0
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00227620: _wcslen.LIBCMT ref: 00227625
                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0028DFCB
                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0028DFE2
                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0028E00D
                                                                                                                                                                                                                                                                                                                                                              • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0028E018
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: _wcslen$ExtentPoint32Text
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3763101759-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 503b9efb1ca60ca78b3f9c833a86d109a86fc96622a68d8750241b89ae16811a
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: aab6fd0b4fc2562f4ab2493dbd7cc9b36c90e1ef3ced5ef0969b6e8b72d1bff9
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 503b9efb1ca60ca78b3f9c833a86d109a86fc96622a68d8750241b89ae16811a
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CB21E275D11215AFCB20EFA8D981BAEB7F8EF45710F114064E904FB285D6709E51CBA1
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00239BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00239BB2
                                                                                                                                                                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 002B9001
                                                                                                                                                                                                                                                                                                                                                              • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00277711,?,?,?,?,?), ref: 002B9016
                                                                                                                                                                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 002B905E
                                                                                                                                                                                                                                                                                                                                                              • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00277711,?,?,?), ref: 002B9094
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2864067406-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 19a98bd656522c0d08d69a1099390e1569479d89e68c471dd2980af85a1e72d7
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: e2d2ae5a68caef839db349846ee4989788af30884457c18430db20698f4946e0
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 19a98bd656522c0d08d69a1099390e1569479d89e68c471dd2980af85a1e72d7
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D321F131210018FFCB259F94DC98EFA7BB9EF8A3A0F100565FA0557261C371A9A0DF60
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetFileAttributesW.KERNEL32(?,002BCB68), ref: 0028D2FB
                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0028D30A
                                                                                                                                                                                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(?,00000000), ref: 0028D319
                                                                                                                                                                                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,002BCB68), ref: 0028D376
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2267087916-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7c51fc4c31bfada9afadb19df8b9cc7bd897a53781ef3974ee943f51f0faf50f
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a2f6e9f8357d02edcdb7b93a41497bcd9e6724364c5bd2502cbe65741473b859
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c51fc4c31bfada9afadb19df8b9cc7bd897a53781ef3974ee943f51f0faf50f
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8721F334526302AF8700EF24D88046EB7E4EE5A324F604A5DF899C32E1D730C959CF93
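An added example, not part of the Joe Sandbox report and not Joe Security's code: a small Python parser for API lines in the shape this report prints them (`Api.MODULE(args), ref: addr`, with the optional `Part of subcall function <addr>:` prefix), which turns each function's call list into records so a long report can be triaged mechanically instead of read line by line. It uses the CreateDirectoryW function above and the helper at 00281014 listed below it as constructed sample input, finds the query-size / allocate / query-again idiom (first call with a NULL buffer, GetLastError, HeapAlloc, second call) that the helper's lines show, and cross-checks the report's inline `<hex>(Label)` annotations against the numeric TOKEN_INFORMATION_CLASS values from winnt.h. One caveat that motivates the check: class 3 is TokenPrivileges in the SDK (TokenIntegrityLevel is 25), so `00000003(TokenIntegrityLevel)` should be read by its raw value, which also fits the LookupPrivilegeValueW call that follows the helper. The bullet character, the allocator name set and the partial class table are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: API lines copied in the shape this report prints them
# (the CreateDirectoryW function and the helper at 00281014).
SAMPLE_LISTING = """\
APIs
• GetFileAttributesW.KERNEL32(?,002BCB68), ref: 0028D2FB
• GetLastError.KERNEL32 ref: 0028D30A
• CreateDirectoryW.KERNEL32(?,00000000), ref: 0028D319
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,002BCB68), ref: 0028D376
APIs
  • Part of subcall function 00281014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0028102A
  • Part of subcall function 00281014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00281036
  • Part of subcall function 00281014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00281045
  • Part of subcall function 00281014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0028104C
  • Part of subcall function 00281014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00281062
• LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 002815BE
"""

# TOKEN_INFORMATION_CLASS values from winnt.h (assumed partial table, only what is needed here).
TOKEN_INFORMATION_CLASS = {1: "TokenUser", 2: "TokenGroups", 3: "TokenPrivileges",
                           20: "TokenElevation", 25: "TokenIntegrityLevel"}

# One report line: optional "Part of subcall function <addr>:" prefix, Api.MODULE,
# optional argument list, then "ref: <addr>". Arguments may themselves contain "(...)".
CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$")
LITERAL_RE = re.compile(r"^(?P<val>[0-9A-Fa-f]{8})\((?P<label>[A-Za-z0-9_]+)\)$")
ALLOCATORS = {"HeapAlloc", "LocalAlloc", "GlobalAlloc", "VirtualAlloc", "malloc"}  # assumed set


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: int                    # address of the call site
    subcall_of: Optional[int]   # helper the call was inlined from, or None for a direct call
    block: int                  # index of the "APIs" block the line belongs to


def split_args(text: str) -> List[str]:
    """Split on top-level commas only, so '00000003(TokenIntegrityLevel)' stays one argument."""
    out, cur, depth = [], [], 0
    for ch in text:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            out.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    return out + ["".join(cur)] if cur else out


def parse_listing(text: str) -> List[ApiCall]:
    """Extract every API call; non-API lines (hashes, dump sources) are skipped."""
    calls, block = [], -1
    for line in text.splitlines():
        if line.strip() == "APIs":
            block += 1
            continue
        m = CALL_RE.match(line)
        if m:
            calls.append(ApiCall(m["api"], m["mod"], split_args(m["args"] or ""),
                                 int(m["ref"], 16), int(m["sub"], 16) if m["sub"] else None, block))
    return calls


def check_labels(calls: List[ApiCall]) -> List[Tuple[int, int, str, str]]:
    """Cross-check each '<hex>(Label)' argument of GetTokenInformation against winnt.h.
    Returns (call site, numeric class, label in the report, SDK name) for every mismatch."""
    bad = []
    for c in calls:
        if c.api != "GetTokenInformation":
            continue
        for a in c.args:
            m = LITERAL_RE.match(a)
            if m:
                value = int(m["val"], 16)
                sdk = TOKEN_INFORMATION_CLASS.get(value)
                if sdk and sdk != m["label"]:
                    bad.append((c.ref, value, m["label"], sdk))
    return bad


def find_size_probes(calls: List[ApiCall]) -> List[Tuple[str, int, int]]:
    """Find the query-size / allocate / query-again idiom: the same API called twice in one
    block with a heap allocation in between. Returns (api, first call site, second call site)."""
    found = []
    for i, first in enumerate(calls):
        for j in range(i + 1, len(calls)):
            second = calls[j]
            if second.block != first.block:
                break
            if second.api == first.api:
                if any(b.api in ALLOCATORS for b in calls[i + 1:j]):
                    found.append((first.api, first.ref, second.ref))
                break
    return found


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    for api, a, b in find_size_probes(parsed):
        print(f"{api}: size probe at {a:08X}, real query at {b:08X}")
    for ref, value, label, sdk in check_labels(parsed):
        print(f"{ref:08X}: class {value} labelled {label}, winnt.h says {sdk}")
```

The two CreateDirectoryW calls in the first block are not reported as a size probe because nothing is allocated between them; the two GetTokenInformation calls in the helper are, because HeapAlloc sits between the NULL-buffer query and the real one. Feeding the whole report's "APIs" blocks through `parse_listing` gives one record per call site, which is the form you want for grepping call sequences (for example every function that touches the token before LookupPrivilegeValueW) rather than scrolling the rendered listing.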
APIs
  • Part of subcall function 00281014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0028102A
  • Part of subcall function 00281014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00281036
  • Part of subcall function 00281014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00281045
  • Part of subcall function 00281014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0028104C
  • Part of subcall function 00281014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00281062
• LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 002815BE
• _memcmp.LIBVCRUNTIME ref: 002815E1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00281617
• HeapFree.KERNEL32(00000000), ref: 0028161E
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
• String ID:
• API String ID: 1592001646-0
• Opcode ID: 87ba1dfff08ddbaf1fdc5b5536bc34630c19540d15aba5fcf9a6452d618499c1
• Instruction ID: c0c43fada595a4ac4ab0520de722cce6b94c2035bcb06798e81e9b2b442cd2e3
• Opcode Fuzzy Hash: 87ba1dfff08ddbaf1fdc5b5536bc34630c19540d15aba5fcf9a6452d618499c1
• Instruction Fuzzy Hash: 29217C71E11119EFDB04EFA4C949BEEB7BCEF44344F184459E445AB281E734AA26CB60
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 002B280A
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 002B2824
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 002B2832
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 002B2840
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
• Opcode ID: 633af1b2c5272ff189fb2032e59cc6c4cf787ad86b84b59591e18f250413a186
• Instruction ID: 14dcf6108cc66e151a063c01c0a88600fa3b23cb478dae5d2e0e5478ced3c328
• Opcode Fuzzy Hash: 633af1b2c5272ff189fb2032e59cc6c4cf787ad86b84b59591e18f250413a186
• Instruction Fuzzy Hash: B521C431224211EFD7149F24D844FAAB799EF45364F248258F4268B6E2CB71FC56CBE0
APIs
  • Part of subcall function 00288D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0028790A,?,000000FF,?,00288754,00000000,?,0000001C,?,?), ref: 00288D8C
  • Part of subcall function 00288D7D: lstrcpyW.KERNEL32(00000000,?,?,0028790A,?,000000FF,?,00288754,00000000,?,0000001C,?,?,00000000), ref: 00288DB2
  • Part of subcall function 00288D7D: lstrcmpiW.KERNEL32(00000000,?,0028790A,?,000000FF,?,00288754,00000000,?,0000001C,?,?), ref: 00288DE3
• lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00288754,00000000,?,0000001C,?,?,00000000), ref: 00287923
• lstrcpyW.KERNEL32(00000000,?,?,00288754,00000000,?,0000001C,?,?,00000000), ref: 00287949
• lstrcmpiW.KERNEL32(00000002,cdecl,?,00288754,00000000,?,0000001C,?,?,00000000), ref: 00287984
Strings
Similarity
• API ID: lstrcmpilstrcpylstrlen
• String ID: cdecl
• API String ID: 4031866154-3896280584
• Opcode ID: 9ce18ee496acc3a9293a40e1ad2d04a528ce7f84ef3f07c420df61dffcbb87f9
• Instruction ID: 3260860e6605ac029736ec61b21cf168cbe4d8c33fc9bc255f396eb09f00e1d7
• Opcode Fuzzy Hash: 9ce18ee496acc3a9293a40e1ad2d04a528ce7f84ef3f07c420df61dffcbb87f9
• Instruction Fuzzy Hash: 1211E93E221342ABCB15AF39D845D7A77A9FF45390B60402AF946C72A5EF31D821C751
APIs
• GetWindowLongW.USER32(?,000000F0), ref: 002B7D0B
• SetWindowLongW.USER32(00000000,000000F0,?), ref: 002B7D2A
• SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 002B7D42
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0029B7AD,00000000), ref: 002B7D6B
  • Part of subcall function 00239BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00239BB2
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 847901565-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: d2d8531ba2d4b27dfe72257865e753e4dc968803e527fe67ecd7949cdd274831
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d5b07001494fd8a65d625f7d420ec98f6d8a1de289fa5db8b652c80e1be450b3
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d2d8531ba2d4b27dfe72257865e753e4dc968803e527fe67ecd7949cdd274831
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C119031624616AFCB109F28DC08AB63BA5AF853F0B654724F839D72F0D7319960CB90
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001060,?,00000004), ref: 002B56BB
                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 002B56CD
                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 002B56D8
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001002,00000000,?), ref: 002B5816
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 455545452-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 550f06422a1b1f1535c3ce8021b66e1c9406c6051d525baaf092c118b64aa016
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: df48a75b6d989b3c69173cd4427bdfdf303c1465f4c73cd8ed7d4c54515a3c5b
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 550f06422a1b1f1535c3ce8021b66e1c9406c6051d525baaf092c118b64aa016
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 54110631620629AADB209F61CC85BEE777CFF107E4F504026FA05DA081EBB0C9A0CF60
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 14dbfe1c8e5acd048b211ef72d08e5cb5d4515395062d415a4c84d632caaa9bf
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a1055f0f6b1ce28fd6c2d89305de060ac9402a9477687fb62c6b9d5406348c61
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 14dbfe1c8e5acd048b211ef72d08e5cb5d4515395062d415a4c84d632caaa9bf
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5C018FB222661A7EF6212A787CC0F67662CDF817BAB300325FD31611D2DB708C788578
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 00281A47
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00281A59
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00281A6F
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00281A8A
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: e30a444b1b09f26a414574c3a1349c3233bce911f58cbfbd076e103fa30bcf75
• Instruction ID: f6340263f4717c9d7ba3455c7960a2abd10c295a1a2bfc01d21892fed27aaac2
• Opcode Fuzzy Hash: e30a444b1b09f26a414574c3a1349c3233bce911f58cbfbd076e103fa30bcf75
• Instruction Fuzzy Hash: 6B113C3AD01219FFEB14DBA4CD85FADBB78EB08750F200091E610B7294D6716E61DB94
APIs
• GetCurrentThreadId.KERNEL32 ref: 0028E1FD
• MessageBoxW.USER32(?,?,?,?), ref: 0028E230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0028E246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0028E24D
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
• Opcode ID: 33eff8a064f9cfe3923d9f00c8a9291e322c58d2b24f40328dc15abc399916ec
• Instruction ID: d9b21afd50b7fe898b9e6a5a5794508b96c9e1f726a020179a0d1793237ee577
• Opcode Fuzzy Hash: 33eff8a064f9cfe3923d9f00c8a9291e322c58d2b24f40328dc15abc399916ec
• Instruction Fuzzy Hash: D5112676914214BBCB01AFA8BC0DAAE7FADAB45320F504365FC24E32D5D6B0CD20C7A0
APIs
• CreateThread.KERNEL32(00000000,?,0024CFF9,00000000,00000004,00000000), ref: 0024D218
• GetLastError.KERNEL32 ref: 0024D224
• __dosmaperr.LIBCMT ref: 0024D22B
• ResumeThread.KERNEL32(00000000), ref: 0024D249
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• String ID:
• API String ID: 173952441-0
• Opcode ID: b4a5d18e07cf26e033a18aad9e4419dc97751ec47d241d547278d48d94add371
• Instruction ID: 8a3a4b57566300d88cc8a576f95d59b3f602953ce8841bbe9ae839ba4330377a
• Opcode Fuzzy Hash: b4a5d18e07cf26e033a18aad9e4419dc97751ec47d241d547278d48d94add371
• Instruction Fuzzy Hash: 3A012632825205BBCB189FB5DC09BAE7A68DF81330F200319FC29960D1CBF0C820CAA0
APIs
  • Part of subcall function 00239BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00239BB2
• GetClientRect.USER32(?,?), ref: 002B9F31
• GetCursorPos.USER32(?), ref: 002B9F3B
• ScreenToClient.USER32(?,?), ref: 002B9F46
• DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 002B9F7A
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Client$CursorLongProcRectScreenWindow
• String ID:
• API String ID: 4127811313-0
• Opcode ID: 94158d528e0b5d29784c49e44b34f21a3ac9d369ad733b66d257fb4c8efa8c45
• Instruction ID: 1e66c5b1c092b518f88d59ebee0d7b8bdc7640dd96f2a5aca89cbe82d9362de3
• Opcode Fuzzy Hash: 94158d528e0b5d29784c49e44b34f21a3ac9d369ad733b66d257fb4c8efa8c45
• Instruction Fuzzy Hash: BC11483291011AEBDB10DFA8D8899FEB7B9FB463A1F500551FA01E3550D770BAE1CBA1
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0022604C
• GetStockObject.GDI32(00000011), ref: 00226060
• SendMessageW.USER32(00000000,00000030,00000000), ref: 0022606A
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0f5e9011eb0e050ef9ce993ec15e3fd999276a496e3b5d0b4f5189e7f081cfc8
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3b574c1f9a82c7188db7dca89d4e7fa872083547e0ff92023cbfcf1372e65335
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f5e9011eb0e050ef9ce993ec15e3fd999276a496e3b5d0b4f5189e7f081cfc8
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 11118B73111519BFEF124FA4AC48EEABB6DFF093A4F100211FA0452010C7729D60EBA0
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • ___BuildCatchObject.LIBVCRUNTIME ref: 00243B56
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00243AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00243AD2
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00243AA3: ___AdjustPointer.LIBCMT ref: 00243AED
                                                                                                                                                                                                                                                                                                                                                              • _UnwindNestedFrames.LIBCMT ref: 00243B6B
                                                                                                                                                                                                                                                                                                                                                              • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00243B7C
                                                                                                                                                                                                                                                                                                                                                              • CallCatchBlock.LIBVCRUNTIME ref: 00243BA4
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 737400349-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 808b51c1511c84339218f2e41d362fe78137b5a765e7d7738f0878f98145b31b
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CA012932110149BBDF16AE95CC42EEB3B69EF48758F044014FE4896121C732E971DFA0
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,002213C6,00000000,00000000,?,0025301A,002213C6,00000000,00000000,00000000,?,0025328B,00000006,FlsSetValue), ref: 002530A5
                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,0025301A,002213C6,00000000,00000000,00000000,?,0025328B,00000006,FlsSetValue,002C2290,FlsSetValue,00000000,00000364,?,00252E46), ref: 002530B1
                                                                                                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0025301A,002213C6,00000000,00000000,00000000,?,0025328B,00000006,FlsSetValue,002C2290,FlsSetValue,00000000), ref: 002530BF
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 822f5f0047f8e76a78c1d941c4c104cc4a6c0dd1022fa4bd8841d2b7537b8610
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3e86a80a1dbbb0b0b41a08f0c3a52cdd7fefd46c2d1c3c5687909a09181857a6
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 822f5f0047f8e76a78c1d941c4c104cc4a6c0dd1022fa4bd8841d2b7537b8610
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E018832731327ABCB218E79AC4896777989F45BE2B215720FD05E7180D731D929C6E4
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0028747F
                                                                                                                                                                                                                                                                                                                                                              • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00287497
                                                                                                                                                                                                                                                                                                                                                              • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 002874AC
                                                                                                                                                                                                                                                                                                                                                              • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 002874CA
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Type$Register$FileLoadModuleNameUser
• String ID:
• API String ID: 1352324309-0
• Opcode ID: 01723db62b6a2d71281273cc00d1fc521dbf3541d2221f346f300dd19a0dddc7
• Instruction ID: 4c49c70ae47e4b50ca538c1ebbf63fc6f9c93b4c4bd72fa671a7621275d4bbea
• Opcode Fuzzy Hash: 01723db62b6a2d71281273cc00d1fc521dbf3541d2221f346f300dd19a0dddc7
• Instruction Fuzzy Hash: 2511A1B92263119BF7209F54EC08B937FFCEB00B10F208569A656D6191D7B0E914DB60
APIs
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0028ACD3,?,00008000), ref: 0028B0C4
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0028ACD3,?,00008000), ref: 0028B0E9
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0028ACD3,?,00008000), ref: 0028B0F3
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0028ACD3,?,00008000), ref: 0028B126
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
• Opcode ID: 146adf30688c985ab718d6a6bcc399611fccbee614ccbfa63615fe7896d1f5bb
• Instruction ID: cca293793bab86fd1e949b019080cce2b8cc3eb7dc18a850c01959aa6fc2fd1c
• Opcode Fuzzy Hash: 146adf30688c985ab718d6a6bcc399611fccbee614ccbfa63615fe7896d1f5bb
• Instruction Fuzzy Hash: 2F118B34C2252DE7CF01EFE8E99C6EEBB78FF09311F10419AD985B6181CB3056608B51
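The QueryPerformanceCounter / Sleep / QueryPerformanceCounter sequence in the function above is the pattern the report flags as execution timing. Note that both listed Sleep calls pass 0, which is a scheduler yield rather than a real wait, so the function is consistent with a counter-polling delay loop; the listing alone does not establish whether the sample uses it for evasion. The block below is an added example, not code from the sample, from AutoIt or from Joe Sandbox. It implements the check that a counter-bracketed delay enables: the two readings are compared against the requested delay, and a sandbox that fast-forwards sleeps yields a delay that is too short, while a single-stepping debugger or heavy instrumentation yields one that is too long. It uses POSIX clock_gettime and nanosleep in place of QueryPerformanceCounter and Sleep so it runs outside Windows; the 5 ms slack and the 4x upper bound are assumed thresholds, not values taken from the sample.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Ticks per second of the monotonic clock used below (nanoseconds).
 * On Windows this value would come from QueryPerformanceFrequency. */
#define TICK_FREQ 1000000000ULL

typedef enum {
    TIMING_OK = 0,        /* measured delay agrees with the requested one */
    TIMING_TOO_SHORT = 1, /* delay was skipped or shortened (sleep patching) */
    TIMING_TOO_LONG = 2   /* delay was stretched (single-stepping, heavy hooks) */
} timing_verdict_t;

/* Pure decision logic over two counter readings taken around a delay.
 * freq is ticks per second; slack_ms absorbs normal scheduler jitter.
 * Assumed thresholds: shorter than requested - slack is "too short",
 * longer than 4x requested + slack is "too long". */
timing_verdict_t classify_delay(uint64_t start_ticks, uint64_t end_ticks,
                                uint64_t freq, unsigned requested_ms,
                                unsigned slack_ms)
{
    if (end_ticks < start_ticks)  /* counter went backwards: treat as tampering */
        return TIMING_TOO_SHORT;
    uint64_t elapsed_ms = (end_ticks - start_ticks) * 1000ULL / freq;
    if (elapsed_ms + slack_ms < requested_ms)
        return TIMING_TOO_SHORT;
    if (elapsed_ms > (uint64_t)requested_ms * 4ULL + slack_ms)
        return TIMING_TOO_LONG;
    return TIMING_OK;
}

/* Read the monotonic clock as a tick count (QueryPerformanceCounter stand-in). */
static uint64_t now_ticks(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * TICK_FREQ + (uint64_t)ts.tv_nsec;
}

/* Bracket a real delay with two counter readings and classify it.
 * Sleep(ms) on Windows is replaced by nanosleep here. */
timing_verdict_t probe_sleep(unsigned requested_ms)
{
    struct timespec req;
    req.tv_sec = requested_ms / 1000;
    req.tv_nsec = (long)(requested_ms % 1000) * 1000000L;

    uint64_t t0 = now_ticks();
    nanosleep(&req, NULL);  /* the delay under test */
    uint64_t t1 = now_ticks();
    return classify_delay(t0, t1, TICK_FREQ, requested_ms, 5);
}

int main(void)
{
    static const char *names[] = { "ok", "too short", "too long" };
    /* Constructed counter readings showing all three outcomes at 50 ms. */
    printf("honest 50 ms     -> %s\n", names[classify_delay(0, 50 * 1000000ULL, TICK_FREQ, 50, 5)]);
    printf("skipped sleep    -> %s\n", names[classify_delay(0, 1000ULL, TICK_FREQ, 50, 5)]);
    printf("stretched 2 s    -> %s\n", names[classify_delay(0, 2000 * 1000000ULL, TICK_FREQ, 50, 5)]);
    /* A live probe on this host. */
    printf("live 20 ms probe -> %s\n", names[probe_sleep(20)]);
    return 0;
}
```

Run inside an analysis environment, probe_sleep shows whether that environment's sleep handling is visible to a check of this shape. The verdict is a heuristic only: VM scheduling jitter and debugger attachment both stretch delays, which is why the upper bound is generous, and a sandbox that patches the counter as well as the sleep defeats the comparison entirely.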
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 002B7E33
                                                                                                                                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 002B7E4B
                                                                                                                                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 002B7E6F
                                                                                                                                                                                                                                                                                                                                                              • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 002B7E8A
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 357397906-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e127fd6647b9a4e57e666f451099ebd82b555c773737134d12544f4f5e4a6b5d
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 73c80c9107852106d78718bfeddd63082a2190b82cae2735d38ae9fddc60544a
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e127fd6647b9a4e57e666f451099ebd82b555c773737134d12544f4f5e4a6b5d
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BF1156B9D0020AAFDB41DF98D8849EEBBF9FF48310F505166E915E3210D735AA54CF50
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00282DC5
                                                                                                                                                                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 00282DD6
                                                                                                                                                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00282DDD
                                                                                                                                                                                                                                                                                                                                                              • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00282DE4
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2710830443-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ddd34b99d4fef75af22ccfb199fbfd1e42b19432983bec19572fa24dab5b4f94
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: bbd928b849f851c857f63296c13bb457290084d60b02bbdccfb84003d74e5830
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ddd34b99d4fef75af22ccfb199fbfd1e42b19432983bec19572fa24dab5b4f94
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 36E09276512224BBD7202F72AC0DFEB3F6CEF83BA1F100225F505D10809AA0D844C7B0
                                                                                                                                                                                                                                                                                                                                                              APIs
• Part of subcall function 00239639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00239693
• Part of subcall function 00239639: SelectObject.GDI32(?,00000000), ref: 002396A2
• Part of subcall function 00239639: BeginPath.GDI32(?), ref: 002396B9
• Part of subcall function 00239639: SelectObject.GDI32(?,00000000), ref: 002396E2
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 002B8887
• LineTo.GDI32(?,?,?), ref: 002B8894
• EndPath.GDI32(?), ref: 002B88A4
• StrokePath.GDI32(?), ref: 002B88B2
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
• String ID:
• API String ID: 1539411459-0
APIs
• GetSysColor.USER32(00000008), ref: 002398CC
• SetTextColor.GDI32(?,?), ref: 002398D6
• SetBkMode.GDI32(?,00000001), ref: 002398E9
• GetStockObject.GDI32(00000005), ref: 002398F1
Similarity
• API ID: Color$ModeObjectStockText
• String ID:
• API String ID: 4037423528-0
APIs
• GetCurrentThread.KERNEL32 ref: 00281634
• OpenThreadToken.ADVAPI32(00000000,?,?,?,002811D9), ref: 0028163B
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,002811D9), ref: 00281648
• OpenProcessToken.ADVAPI32(00000000,?,?,?,002811D9), ref: 0028164F
Similarity
• API ID: CurrentOpenProcessThreadToken
• String ID:
• API String ID: 3974789173-0
APIs
• GetDesktopWindow.USER32 ref: 0027D858
• GetDC.USER32(00000000), ref: 0027D862
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 0027D882
• ReleaseDC.USER32(?), ref: 0027D8A3
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2889604237-0
APIs
• GetDesktopWindow.USER32 ref: 0027D86C
• GetDC.USER32(00000000), ref: 0027D876
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 0027D882
• ReleaseDC.USER32(?), ref: 0027D8A3
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
APIs
  • Part of subcall function 00227620: _wcslen.LIBCMT ref: 00227625
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00294ED4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Connection_wcslen
• String ID: *$LPT
• API String ID: 1725874428-3443410124
APIs
• CharUpperBuffW.USER32(0027569E,00000000,?,002BCC08,?,00000000,00000000), ref: 002A78DD
  • Part of subcall function 00226B57: _wcslen.LIBCMT ref: 00226B6A
• CharUpperBuffW.USER32(0027569E,00000000,?,002BCC08,00000000,?,00000000,00000000), ref: 002A783B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: BuffCharUpper$_wcslen
• String ID: <s.
• API String ID: 3544283678-183820828
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                              • String ID: #
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ed2df7b13617a6fb4de205ad39f6e6e4d4fb47165ec047d5b1dbb9482e4821b8
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 52594728b780e5136f2f4ff4de4b89b3089da37640b037645d227244b814fef2
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ed2df7b13617a6fb4de205ad39f6e6e4d4fb47165ec047d5b1dbb9482e4821b8
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 55515671520247EFDF18DF68C081ABABBA8EF29310F258095FC959B2D0D6309D76CB60
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000), ref: 0023F2A2
                                                                                                                                                                                                                                                                                                                                                              • GlobalMemoryStatusEx.KERNEL32(?), ref: 0023F2BB
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 3df66db070d523cec7b96060353c55f4d0c967e08aeb96dd7da15b92488e3270
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: caeb8a18d2734812700ec0a6084de46f858c58632571b36c1eac8be97a04e54f
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3df66db070d523cec7b96060353c55f4d0c967e08aeb96dd7da15b92488e3270
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5C512971418744ABD320AF90E886BAFB7F8FB84300F91885DF5D9411A5EB708939CB66
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 002A57E0
                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 002A57EC
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                              • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ff713328b4a5715c32d142f638c83ec6841d3fd1e25a1cb6418eead230151d4d
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: e014e0d35fa3f873de069b5689968de3d4df600b5ccf3037b1a637ecb8c7a009
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ff713328b4a5715c32d142f638c83ec6841d3fd1e25a1cb6418eead230151d4d
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2641B271E20219DFCB14DFA8C8859BEBBB5FF5A310F144029E505A7291EB749DA1CFA0
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0029D130
                                                                                                                                                                                                                                                                                                                                                              • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0029D13A
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                                                                                                                              • String ID: |
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: da0b783c5ef75669190f624b87015994b668894bf65a515f5cec12e8d71e0a8b
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 315c6f8c43d20bb76a45cc863985369f708c4994f2454887fc43b7c6c0027a9b
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: da0b783c5ef75669190f624b87015994b668894bf65a515f5cec12e8d71e0a8b
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BF310A72D11119ABCF15EFA4DC85EEE7FB9FF04300F100019E819A6166D731A966DF50
APIs
• DestroyWindow.USER32(?,?,?,?), ref: 002B3621
• MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 002B365C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Window$DestroyMove
• String ID: static
• API String ID: 2139405536-2160076837
APIs
• SendMessageW.USER32(00000027,00001132,00000000,?), ref: 002B461F
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 002B4634
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: MessageSend
• String ID: '
• API String ID: 3850602802-1997036262
APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 002B327C
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 002B3287
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: MessageSend
• String ID: Combobox
• API String ID: 3850602802-2096851135
APIs
  • Part of subcall function 0022600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0022604C
  • Part of subcall function 0022600E: GetStockObject.GDI32(00000011), ref: 00226060
  • Part of subcall function 0022600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0022606A
• GetWindowRect.USER32(00000000,?), ref: 002B377A
• GetSysColor.USER32(00000012), ref: 002B3794
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Window$ColorCreateMessageObjectRectSendStock
• String ID: static
• API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e95c1b21e36d79dd4538120ba3754896a761720ee5cbc3da8baf6cc2dbc634ca
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: e37740c0dd1dcf421c1fe3e882db9bf0352aaa8a3d99031d9f39db61ef8601bc
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e95c1b21e36d79dd4538120ba3754896a761720ee5cbc3da8baf6cc2dbc634ca
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3B112CB262020AAFDB00DFA8DC45EEA7BB8FB08354F104514F955E2250EB75E961DB50
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0029CD7D
                                                                                                                                                                                                                                                                                                                                                              • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0029CDA6
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                                                                                                              • String ID: <local>
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 037003c0df01325d10fcba78ca74fb5916ef36d30454227d10f89b618afcc963
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 40941ad6869ed92d552ddea8c4332889422b1e6a1a73a0cf817b336532bb793b
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 037003c0df01325d10fcba78ca74fb5916ef36d30454227d10f89b618afcc963
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6911E9B12256327ADB384F668C49FF7BE6CEF127A4F204236B10983080D7B09860D6F0
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • GetWindowTextLengthW.USER32(00000000), ref: 002B34AB
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 002B34BA
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                                                                                                                                                                              • String ID: edit
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2978978980-2167791130
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 011f4eec0886831a93b43c37bc04bd1e30d557b47da0820cb236488902da0cfe
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: e5a32c4cfbfb5ed0efe01bccea09d16d29e94f5078d7edb4003a0d3ab06915cf
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 011f4eec0886831a93b43c37bc04bd1e30d557b47da0820cb236488902da0cfe
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 46119E71120209AFEB228E68EC44AFB377AEF053B4F604324FA65931E0C771DD619B60
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
                                                                                                                                                                                                                                                                                                                                                              • CharUpperBuffW.USER32(?,?,?), ref: 00286CB6
                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00286CC2
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                              • String ID: STOP
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 606c7f103ee779508c87ca96ce9a5679b235f8ac5718b9452bf6cf5b72436ebd
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 1e10075d772e93f11995c88cc7aeefdf5cb27cac08e839525a1277e6ed1a8ac0
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 606c7f103ee779508c87ca96ce9a5679b235f8ac5718b9452bf6cf5b72436ebd
• Instruction Fuzzy Hash: ED010036A315278BCB21BFFDDC889BF77A5FB61710B50053AE862921D0EA31D860CB50
APIs
  • Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
  • Part of subcall function 00283CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00283CCA
• SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00281D4C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 01b47ad1d7b110c52f06e0206e34b77c6b81091fbaa155cccddb5df667aa86c0
• Instruction ID: 33de849f702dd364e12ff5fc1e704da0c07aba1ad88642d20010f506eb7aedfa
• Opcode Fuzzy Hash: 01b47ad1d7b110c52f06e0206e34b77c6b81091fbaa155cccddb5df667aa86c0
• Instruction Fuzzy Hash: 9101F579632228ABCB08FFA0DC11DFE7368FB46350F04061AE822572C1EA3059398B60
APIs
  • Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
  • Part of subcall function 00283CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00283CCA
• SendMessageW.USER32(?,00000180,00000000,?), ref: 00281C46
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 7b62d8332899068b6852d1d0c60d9e74de2e34dd284afd58ed4c5beca71d2cd6
• Instruction ID: 6d443e4c845fe701717fdc4c6b616321145a4d669d0d876bf8c9ed25d3ee7354
• Opcode Fuzzy Hash: 7b62d8332899068b6852d1d0c60d9e74de2e34dd284afd58ed4c5beca71d2cd6
• Instruction Fuzzy Hash: C9018479AA211966CB08FB90D9519FF77ACAB16340F54001AA506672C1EA609A398BB2
APIs
  • Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
  • Part of subcall function 00283CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00283CCA
• SendMessageW.USER32(?,00000182,?,00000000), ref: 00281CC8
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: fbb5a7076a9d3ee53725cb35aef4086dee9995961159b1ddb3fdb6ee8720e7ea
• Instruction ID: 1b59f4f229d08d5b6b4dc1359c6d4fdca76d572724f4dc5a328b80258b8ef6e3
• Opcode Fuzzy Hash: fbb5a7076a9d3ee53725cb35aef4086dee9995961159b1ddb3fdb6ee8720e7ea
• Instruction Fuzzy Hash: 7301A7B96B212977CB04FB91DA11AFE73ACAB15340F540016B801732C1EA609F398B72
APIs
• __Init_thread_footer.LIBCMT ref: 0023A529
  • Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Init_thread_footer_wcslen
• String ID: ,%/$3y'
• API String ID: 2551934079-3540759730
• Opcode ID: 42b11595a60f2514d3043998e69e2724ec651b48fb8ff56d714ea4e242272b1e
• Instruction ID: ad363af171e5762f599cd4cd3330f7b30e5582501e15ace791482ce3d75d3ea8
• Opcode Fuzzy Hash: 42b11595a60f2514d3043998e69e2724ec651b48fb8ff56d714ea4e242272b1e
• Instruction Fuzzy Hash: 1F012B71B3161497C508F7A8EC5BB6D73549B06760F900034F646571C2DE609DA58E97
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00229CB3: _wcslen.LIBCMT ref: 00229CBD
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00283CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00283CCA
                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00281DD3
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                              • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 79c9bc5c92ed5b2e385b17a07087cdc40f72ca18c66734036ac097aa9a54bcc2
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 19f2884e396686ab0eeecf79cbd4e94122d4bb0b562f18f0bb8c14e38745ef54
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 79c9bc5c92ed5b2e385b17a07087cdc40f72ca18c66734036ac097aa9a54bcc2
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0EF0F975A7222877D704FBE4DC51FFE736CAB06344F440919F822632C1DA6059398760
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,002F3018,002F305C), ref: 002B81BF
                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32 ref: 002B81D1
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                                                                                              • String ID: \0/
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3712363035-4000318828
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: b794f064a2b270b732f0fee95367b92e7611ffe5521cdcb14520943bae3af8a5
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d02a7abdf7fead3470402aaebfddf43509e11f5f608a6bb6df2094a7830af05a
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b794f064a2b270b732f0fee95367b92e7611ffe5521cdcb14520943bae3af8a5
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C0F054B2650304BAF310AB65BC49FB77A5CDB047A0F400476BB08D51A2DA758A14C7B4
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                              • String ID: 3, 3, 16, 1
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 176396367-3042988571
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e52d508157bf50ac9aec17141192a38b7d8705157d7f77cc730c6fdd09029a45
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: f35a5a05e94f9dc21f59d0d8340c5ece9e09a582c469509ac2c801f449efcc06
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e52d508157bf50ac9aec17141192a38b7d8705157d7f77cc730c6fdd09029a45
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E1E02B16234261119235267A9CC1A7F579DDFCF750710182BF981C2266EE948DB2A3B4
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00280B23
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Message
• String ID: AutoIt$Error allocating memory.
• API String ID: 2030045667-4017498283
• Opcode ID: ee9b87d7bd314b33953e5ade9d853e51df88f079dc5ab083713358fcb00b8d51
• Instruction ID: 88550bc5e278a5b65d46450f01c250b4f5fbb3d05ff6d0d8d56eb640a17436bc
• Opcode Fuzzy Hash: ee9b87d7bd314b33953e5ade9d853e51df88f079dc5ab083713358fcb00b8d51
• Instruction Fuzzy Hash: BEE0D8322A431837D2143A947C07FC9BA848F06B64F200426FB88594C38AE124700AE9
APIs
  • Part of subcall function 0023F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00240D71,?,?,?,0022100A), ref: 0023F7CE
• IsDebuggerPresent.KERNEL32(?,?,?,0022100A), ref: 00240D75
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0022100A), ref: 00240D84
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00240D7F
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 55579361-631824599
• Opcode ID: e8ff47710ef891cbae8d66eec67d9860e855fe583ef0b5fea93c7d5cb11c560a
• Instruction ID: 14c164fcb2591d4a8476e11f9c5e4eab714215125b24707de06f2c13e4e82e46
• Opcode Fuzzy Hash: e8ff47710ef891cbae8d66eec67d9860e855fe583ef0b5fea93c7d5cb11c560a
• Instruction Fuzzy Hash: 8AE06D70A103118BE3649FB8E9487527BE0EF04780F008A2DE982C6656DBB5E4988BA1
APIs
• __Init_thread_footer.LIBCMT ref: 0023E3D5
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: 0%/$8%/
• API String ID: 1385522511-1744123779
• Opcode ID: c872c500e826489b43340b66639ca6205b2d439bbe514d8ce77cc3b4cebea11f
• Instruction ID: af2aace1338374143521b35badd15669d5e16a6b98818867275c9cc9063dd58b
• Opcode Fuzzy Hash: c872c500e826489b43340b66639ca6205b2d439bbe514d8ce77cc3b4cebea11f
• Instruction Fuzzy Hash: 3CE02671430914CBCE0CEB18BA98ABC3353AB06370F9101F5F6028B1D19B702CADCA44
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0029302F
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00293044
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_220000_file.jbxd
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
• Opcode ID: c554c12ca5873886945e68862653fd767aa77ee23c4f6cd0e64dcb6812e664b7
• Instruction ID: 8e6c32ecf4e25f0805872dbd67a987479ac9ca701f7f734c3644b9c1eff19d83
• Opcode Fuzzy Hash: c554c12ca5873886945e68862653fd767aa77ee23c4f6cd0e64dcb6812e664b7
• Instruction Fuzzy Hash: CDD05E7294032867DA20A7A5AC0EFCB3A6CDB05750F4002A1BB55E2091DAB09984CBE0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
• Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: LocalTime
                                                                                                                                                                                                                                                                                                                                                              • String ID: %.3d$X64
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ee43a5e932e71e6b1da5f32bba2d056ffc6784de66be5572056e374c2bfc975b
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 08d65cfbfb3e42dad0ed99edd49a2b7a5fae67b8eb69d1c6459e58a69ecfb479
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ee43a5e932e71e6b1da5f32bba2d056ffc6784de66be5572056e374c2bfc975b
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 83D012A1C38109EACB9096D0DC498B9B37CAF08301F60C452FD0AA1043D674D5296B61
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 002B232C
                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 002B233F
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0028E97B: Sleep.KERNEL32 ref: 0028E9F3
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                                                                              • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 58a4596958b9414b58358dca23821acbb5638108fba554580fc075a72b9bb0c1
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 23ddd1388fa9687a33b140c2de2de081988de79b7aaeb8021efaa36b79740936
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 58a4596958b9414b58358dca23821acbb5638108fba554580fc075a72b9bb0c1
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CDD022363E0300B7E678B730EC0FFD6BA089B00B00F100A02B385AA0D0C8F0A800CB00
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 002B236C
                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(00000000), ref: 002B2373
                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0028E97B: Sleep.KERNEL32 ref: 0028E9F3
                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                                                                              • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 8f449215747c5a8680fac1e38a1bfcde5d97b7a58b0e5ad455dddeb2d4cefdb9
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0049ace1f7027f18f7ca864a1f693cd8679ccbb6a8ca20a090fb785974f40811
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8f449215747c5a8680fac1e38a1bfcde5d97b7a58b0e5ad455dddeb2d4cefdb9
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FDD0A9323D13007AE668B730AC0FFC6A6089B04B00F500A02B381AA0D0C8E0A8008B04
                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0025BE93
                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0025BEA1
                                                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0025BEFC
                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2236847637.0000000000221000.00000020.00000001.01000000.00000003.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2236796498.0000000000220000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002BC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237206915.00000000002E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237633630.00000000002EC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2237674788.00000000002F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_220000_file.jbxd
                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1717984340-0
                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: afeabf10b77df41b47cf924e0b520c58046ff41a622b4d209684875fe23296ba
                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9bb9f3e213ffd9d9d796bd68282058f84c99c3d2b3c5dda0bad1df87e36af17d
                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: afeabf10b77df41b47cf924e0b520c58046ff41a622b4d209684875fe23296ba
                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EE411935624207AFCF268F64DC45ABABBA4EF41312F244169FD59971E1DB309C28CF64
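The two functions above that call FindWindowW("Shell_TrayWnd") and then PostMessageW with message 0x111 (WM_COMMAND) are the kind of record worth pulling out of a long Joe Sandbox function listing automatically: a process that posts shell commands to Explorer's tray window is manipulating the desktop rather than doing anything the sample's apparent purpose requires. The script below is an added triage example, not part of the Joe Sandbox report or its tooling. It parses the per-function "APIs" listings in the format shown on this page (the sample text is constructed from the lines above), and correlates a FindWindowW(Shell_TrayWnd) with a later PostMessageW(WM_COMMAND) in the same function. The only constant it assumes is WM_COMMAND = 0x0111 from winuser.h; the wParam 0x197 is reported raw, since its meaning is specific to Explorer and the report does not decode it. The second function's PostMessageW is recorded with only one argument, so the script reports it as a tray message with an undecodable command rather than guessing.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample in the shape of Joe Sandbox per-function "APIs" listings
# (each "APIs" heading starts a new function's call list).
SAMPLE_REPORT = """\
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 002B232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 002B233F
  • Part of subcall function 0028E97B: Sleep.KERNEL32 ref: 0028E9F3
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 002B236C
• PostMessageW.USER32(00000000), ref: 002B2373
  • Part of subcall function 0028E97B: Sleep.KERNEL32 ref: 0028E9F3
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?), ref: 0025BE93
• GetLastError.KERNEL32 ref: 0025BEA1
"""

WM_COMMAND = 0x0111  # winuser.h; message id sent to Shell_TrayWnd above

# One call record: optional "Part of subcall function XXXX:" prefix, then
# Api.MODULE, optional "(args)", optional comma, then "ref: <hex address>".
CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: list                      # int for hex literals, str for names or "?"
    ref: int                        # call-site address from the report
    subcall_of: Optional[int] = None  # set when the call happens inside a callee


@dataclass
class Function:
    calls: List[ApiCall] = field(default_factory=list)


def _parse_arg(tok: str):
    """Hex literals become ints; '?' (unknown) and symbolic names stay strings."""
    tok = tok.strip()
    if tok == "?":
        return tok
    try:
        return int(tok, 16)
    except ValueError:
        return tok  # e.g. Shell_TrayWnd


def parse_api_blocks(text: str) -> List[Function]:
    """Split the report into functions at each 'APIs' heading and parse their calls."""
    functions: List[Function] = []
    current: Optional[Function] = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = Function()
            functions.append(current)
            continue
        m = CALL_RE.match(line)
        if not m or current is None:
            continue
        raw = m["args"]
        args = [_parse_arg(a) for a in raw.split(",")] if raw else []
        current.calls.append(ApiCall(
            api=m["api"], module=m["module"], args=args,
            ref=int(m["ref"], 16),
            subcall_of=int(m["sub"], 16) if m["sub"] else None,
        ))
    return functions


def tray_commands(functions: List[Function]) -> List[Tuple[int, Optional[int]]]:
    """(call-site, command id) for each PostMessageW that follows a
    FindWindowW(Shell_TrayWnd) in the same function. The id is None when the
    report truncated the arguments or the message is not WM_COMMAND."""
    hits: List[Tuple[int, Optional[int]]] = []
    for fn in functions:
        saw_tray = False
        for c in fn.calls:
            if c.api == "FindWindowW" and c.args and c.args[0] == "Shell_TrayWnd":
                saw_tray = True
            elif c.api == "PostMessageW" and saw_tray:
                msg = c.args[1] if len(c.args) > 2 else None
                hits.append((c.ref, c.args[2] if msg == WM_COMMAND else None))
    return hits


if __name__ == "__main__":
    for ref, cmd in tray_commands(parse_api_blocks(SAMPLE_REPORT)):
        shown = f"0x{cmd:X}" if cmd is not None else "<not decodable>"
        print(f"{ref:08X}: PostMessageW to Shell_TrayWnd, WM_COMMAND id {shown}")
```

Feeding the whole "Disassembly" section of a report through `parse_api_blocks` and running `tray_commands` (or an equivalent matcher for BlockInput, keybd_event or SendInput) is a quick way to locate the handful of functions behind the "simulate keystroke" and "block mouse and keyboard input" signatures without reading every listing.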